https://live.paloaltonetworks.com/t5/general-topics/ddos-flood-protection-and-testing-blavck-nurse/m-p/127357#M46594 <P>you can visualize flood protection is enabled by setting the 'alert' treshold very low. The alert setting will only trigger log entries but will not take action on the inbound flow. if you really want to test flood protection you would need a traffic generation tool</P> <P>&nbsp;</P> <P>It is recommended to use the 'ping' app-id for pings, as the icmp application will not identify ping ('ping' is for echo requests/replies, "icmp" is intended for other ICMP packets)</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 18 Nov 2016 10:43:13 GMT reaper 2016-11-18T10:43:13Z https://live.paloaltonetworks.com/t5/general-topics/ddos-flood-protection-and-testing-blavck-nurse/m-p/127143#M46587 <P>Is there any testing that can be done to test&nbsp; Flood Protection after applied to a policy?&nbsp; Is it recommended to replace&nbsp; app-id ICMP with app-id ping in policy to remediate blacknurse</P> Thu, 17 Nov 2016 18:02:36 GMT https://live.paloaltonetworks.com/t5/general-topics/ddos-flood-protection-and-testing-blavck-nurse/m-p/127143#M46587 clyde.franklin 2016-11-17T18:02:36Z https://live.paloaltonetworks.com/t5/general-topics/ddos-flood-protection-and-testing-blavck-nurse/m-p/127357#M46594 <P>you can visualize flood protection is enabled by setting the 'alert' treshold very low. The alert setting will only trigger log entries but will not take action on the inbound flow. if you really want to test flood protection you would need a traffic generation tool</P> <P>&nbsp;</P> <P>It is recommended to use the 'ping' app-id for pings, as the icmp application will not identify ping ('ping' is for echo requests/replies, "icmp" is intended for other ICMP packets)</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 18 Nov 2016 10:43:13 GMT https://live.paloaltonetworks.com/t5/general-topics/ddos-flood-protection-and-testing-blavck-nurse/m-p/127357#M46594 reaper 2016-11-18T10:43:13Z