Palo Alto Networks firewall protection is based on application intelligence, so in the case of TCP, a TCP session must be established before the application can be discovered. However, after a TCP session has been established, silent dropping of packets without sending a TCP reset can be dangerous. The “drop” action could break the application and cause it to misbehave. An application might hang, continue to send packets, or unnecessarily hold system resources open. Therefore, the default “deny” action defined for more than half of the applications recognized by the firewall is to send a TCP reset.
[Palo Alto Networks]
The question is about 'generally' preserving the resources, without spelling out server side or client side. The best option in such a case is DROP and then RESET-BOTH.
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/security-policy/security-policy-actions
I disagree on the DROP option; if selected, the application will misbehave and most likely keep the sockets open as well as continually send packets seeking a response.
reset-server is useful when internal resources need to be protected from excessive resource consumption due to half-open sockets.
reset-both will provide best user experience and protect servers' resources, but may facilitate malicious use.
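The drop-versus-reset behaviour the comments argue about can be reproduced on loopback without a firewall. The following is an added example, not code from the page or from Palo Alto Networks: a throwaway server stands in for the policy action, either staying silent after the request (the "drop" case) or tearing the session down with a TCP RST (the "reset" case), and the client reports what it experienced and how long it waited.

```python
import socket
import struct
import threading
import time

def _serve_once(mode, ready, port_holder):
    # Constructed stand-in for the firewall action. Accepts one connection,
    # reads the request, then either goes silent ("drop") or sends RST ("reset").
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port_holder.append(srv.getsockname()[1])
    ready.set()
    conn, _ = srv.accept()
    conn.recv(1024)
    if mode == "reset":
        # SO_LINGER with a zero timeout makes close() emit RST instead of FIN,
        # which is what a reset-client action looks like from the client side.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    else:
        # Silent drop: hold the half-open session and never answer.
        time.sleep(3)
    conn.close()
    srv.close()

def client_outcome(mode, timeout=1.0):
    """Send one request under the given mode ("drop" or "reset") and return
    (outcome, seconds_waited). outcome is "timeout", "reset" or "data"."""
    ready = threading.Event()
    port_holder = []
    threading.Thread(target=_serve_once, args=(mode, ready, port_holder), daemon=True).start()
    ready.wait()
    cli = socket.create_connection(("127.0.0.1", port_holder[0]))
    cli.settimeout(timeout)
    start = time.monotonic()
    cli.sendall(b"GET / HTTP/1.0\r\n\r\n")  # constructed request
    try:
        cli.recv(1024)
        outcome = "data"
    except socket.timeout:
        outcome = "timeout"       # client hung until its own timer expired
    except ConnectionResetError:
        outcome = "reset"         # RST freed the client immediately
    finally:
        cli.close()
    return outcome, time.monotonic() - start

if __name__ == "__main__":
    for m in ("drop", "reset"):
        print(m, client_outcome(m))
```

The "drop" client only gives up when its own timeout fires (and a real application might not have one), while the "reset" client is released at once, which is the resource-holding point behind recommending a reset action.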