https://live.paloaltonetworks.com/t5/general-topics/packet-based-attack/m-p/1414#M1101 <HTML><HEAD></HEAD><BODY><P>Hello Panlst,</P><P></P><P>Enabling all options may drop legitimate traffic too.</P><P>To check drop packets , you can run following command :</P><P><SPAN style="font-size: 10pt; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt; line-height: 1.5em;">&gt; show zone-protection zone untrust</SPAN></P><P></P><P>This output will show all the options that have been enabled and the number of packets dropped by it.</P><P><SPAN style="font-size: 10pt; line-height: 1.5em;">For best practices, please check following document too :</SPAN></P><P></P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/5078-102-5-14892/Understanding_DoS_Protection.pdf" title="https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/5078-102-5-14892/Understanding_DoS_Protection.pdf">https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/5078-102-5-14892/Understanding_DoS_Protection.pdf</A></P><P></P><P><STRONG><A href="https://live.paloaltonetworks.com/docs/DOC-3094">Threat Prevention Deployment Tech Note</A></STRONG></P><P></P><P>Please let us know if was helpful.</P><P><SPAN style="font-size: 10pt; line-height: 1.5em;">Thanks</SPAN></P></BODY></HTML> Wed, 10 Dec 2014 00:26:44 GMT MSharma 2014-12-10T00:26:44Z https://live.paloaltonetworks.com/t5/general-topics/packet-based-attack/m-p/1413#M1100 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Will Choosing all options cause a false positive ?(especially IP option boxes)</P><P>And how can we see these drops ?</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-7445">Unable to See the Threat Logs for Packet Based Attack</A></P><P>Thanks</P></BODY></HTML> Tue, 09 Dec 2014 21:05:06 GMT https://live.paloaltonetworks.com/t5/general-topics/packet-based-attack/m-p/1413#M1100 PanIst 2014-12-09T21:05:06Z https://live.paloaltonetworks.com/t5/general-topics/packet-based-attack/m-p/1414#M1101 <HTML><HEAD></HEAD><BODY><P>Hello Panlst,</P><P></P><P>Enabling all options may drop legitimate traffic too.</P><P>To check drop packets , you can run following command :</P><P><SPAN style="font-size: 10pt; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt; line-height: 1.5em;">&gt; show zone-protection zone untrust</SPAN></P><P></P><P>This output will show all the options that have been enabled and the number of packets dropped by it.</P><P><SPAN style="font-size: 10pt; line-height: 1.5em;">For best practices, please check following document too :</SPAN></P><P></P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/5078-102-5-14892/Understanding_DoS_Protection.pdf" title="https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/5078-102-5-14892/Understanding_DoS_Protection.pdf">https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/5078-102-5-14892/Understanding_DoS_Protection.pdf</A></P><P></P><P><STRONG><A href="https://live.paloaltonetworks.com/docs/DOC-3094">Threat Prevention Deployment Tech Note</A></STRONG></P><P></P><P>Please let us know if was helpful.</P><P><SPAN style="font-size: 10pt; line-height: 1.5em;">Thanks</SPAN></P></BODY></HTML> Wed, 10 Dec 2014 00:26:44 GMT https://live.paloaltonetworks.com/t5/general-topics/packet-based-attack/m-p/1414#M1101 MSharma 2014-12-10T00:26:44Z