Hi,
I searched about this subject matter in the forum but didn't find an answer.
I need to create a firewall rule to monitor PPS traffic from/to customers
If a customer exceeds some number of PPS (maybe 50.000 pps), add the /32 IP address to an address-list for some time
This way I can block it for some minutes in the RAW.
We have some customers acting like zombie to DDoS attacks, mainly to our CDN servers.
Thanks!