https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-limit-concurrent-session-per-zone-or-per/m-p/19641#M14342 <HTML><HEAD></HEAD><BODY><P>Hi,<BR />I have just a small question about the DoS profile, for a test I configured the profile with the value below for Syn flood:</P><P>Alarm Rate (packets/sec) 50<BR />Activate Rate (packets/sec) 50<BR />Maximal Rate (packets/sec) 800<BR />Block Duration (seconds) 300</P><P><BR />After flooding with 100pps I can see on the threat log that syn flood was detected and randomly was dropped, but how about the first value (Alarm Rate) where I should receive the Alarm ? as above I should receive an alarm after 50pps ?</P><P>Thanks for your help</P><P>Regards</P></BODY></HTML> Thu, 29 Nov 2012 15:23:15 GMT BSadozai 2012-11-29T15:23:15Z https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-limit-concurrent-session-per-zone-or-per/m-p/19638#M14339 <HTML><HEAD></HEAD><BODY><P>Hi Guys.</P><P>I was looking to limit session per Zone or per src IP and I found this discussion, so we are in version 4.1.8 and cannot find any option on the QoS to do this limit ?</P><P></P><P>Thanks for your help</P></BODY></HTML> Thu, 22 Nov 2012 16:05:49 GMT https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-limit-concurrent-session-per-zone-or-per/m-p/19638#M14339 BSadozai 2012-11-22T16:05:49Z https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-limit-concurrent-session-per-zone-or-per/m-p/19639#M14340 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>It is not under the QoS setting.</P><P></P><P>To do this, you need to go to the policy tab and configure the DoS policy. You need to input the source and destination zones you want to apply the control, and choose</P><P></P><P>- protect instead of allow/any as the action</P><P>- classified instead of aggregated as the type of protection</P><P>- choose whether you want to consider a counter hit by just the src IP, src IP + Dst IP or just the dst IP</P><P>- create the DoS profile, and under the resource protection input the limit</P><P></P><P>Regards,</P><P></P><P>Jones</P></BODY></HTML> Thu, 22 Nov 2012 16:30:26 GMT https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-limit-concurrent-session-per-zone-or-per/m-p/19639#M14340 jleung 2012-11-22T16:30:26Z https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-limit-concurrent-session-per-zone-or-per/m-p/19640#M14341 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>Thanks for your quick answer.</P><P>This is greate.</P><P>Regards</P></BODY></HTML> Fri, 23 Nov 2012 08:04:15 GMT https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-limit-concurrent-session-per-zone-or-per/m-p/19640#M14341 BSadozai 2012-11-23T08:04:15Z https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-limit-concurrent-session-per-zone-or-per/m-p/19641#M14342 <HTML><HEAD></HEAD><BODY><P>Hi,<BR />I have just a small question about the DoS profile, for a test I configured the profile with the value below for Syn flood:</P><P>Alarm Rate (packets/sec) 50<BR />Activate Rate (packets/sec) 50<BR />Maximal Rate (packets/sec) 800<BR />Block Duration (seconds) 300</P><P><BR />After flooding with 100pps I can see on the threat log that syn flood was detected and randomly was dropped, but how about the first value (Alarm Rate) where I should receive the Alarm ? as above I should receive an alarm after 50pps ?</P><P>Thanks for your help</P><P>Regards</P></BODY></HTML> Thu, 29 Nov 2012 15:23:15 GMT https://live.paloaltonetworks.com/t5/general-topics/is-it-possible-to-limit-concurrent-session-per-zone-or-per/m-p/19641#M14342 BSadozai 2012-11-29T15:23:15Z