https://live.paloaltonetworks.com/t5/general-topics/blacknurse-testing-causes-issues-on-egress-firewall/m-p/131538#M46967 <P>FYI It doesn't appear to require an&nbsp;attack to be an IP address bound to the PA.</P><P>&nbsp;</P><P>It also appears that testing a remote firewall while egressing through a PA firewall causes your local firewall to experience DOS effects. It is not just inbound to an IP address of a PA's interface or NAT to that interface.</P><P>&nbsp;</P><P>I did an hping3 of type 3 to a remote PA-3020 to test my flood protection in a Zone Protection configuration. In doing so, many of our cloud services became unresponsive through our HQ PA-5060 firewall the testing client was behind.</P> Tue, 06 Dec 2016 18:32:41 GMT bspilde 2016-12-06T18:32:41Z https://live.paloaltonetworks.com/t5/general-topics/blacknurse-testing-causes-issues-on-egress-firewall/m-p/131538#M46967 <P>FYI It doesn't appear to require an&nbsp;attack to be an IP address bound to the PA.</P><P>&nbsp;</P><P>It also appears that testing a remote firewall while egressing through a PA firewall causes your local firewall to experience DOS effects. It is not just inbound to an IP address of a PA's interface or NAT to that interface.</P><P>&nbsp;</P><P>I did an hping3 of type 3 to a remote PA-3020 to test my flood protection in a Zone Protection configuration. In doing so, many of our cloud services became unresponsive through our HQ PA-5060 firewall the testing client was behind.</P> Tue, 06 Dec 2016 18:32:41 GMT https://live.paloaltonetworks.com/t5/general-topics/blacknurse-testing-causes-issues-on-egress-firewall/m-p/131538#M46967 bspilde 2016-12-06T18:32:41Z https://live.paloaltonetworks.com/t5/general-topics/blacknurse-testing-causes-issues-on-egress-firewall/m-p/131562#M46971 <P>It sounds like you hit the CPS limits of your device, which in affect would be almost the same as a DOS. &nbsp;</P> Tue, 06 Dec 2016 19:25:43 GMT https://live.paloaltonetworks.com/t5/general-topics/blacknurse-testing-causes-issues-on-egress-firewall/m-p/131562#M46971 BPry 2016-12-06T19:25:43Z https://live.paloaltonetworks.com/t5/general-topics/blacknurse-testing-causes-issues-on-egress-firewall/m-p/131593#M46972 <P>Sitting at 900 peak out of 120,000 on a regular basis so I don't think that was it. I'll test again specifically watching CPS in show session info as well as CPU utilization. As I recall, our Egress PA did not have any noticible fluctuations in CPU utilization during the hping3 test.</P> Tue, 06 Dec 2016 21:01:44 GMT https://live.paloaltonetworks.com/t5/general-topics/blacknurse-testing-causes-issues-on-egress-firewall/m-p/131593#M46972 bspilde 2016-12-06T21:01:44Z https://live.paloaltonetworks.com/t5/general-topics/blacknurse-testing-causes-issues-on-egress-firewall/m-p/131757#M46978 <P>Interesting; keep us posted. Unless I'm completely remembering things wrong the PA wasn't supposed to be affected by this unless you hit the CPS limit due to someone trying to launch the attach.&nbsp;</P> Wed, 07 Dec 2016 14:04:27 GMT https://live.paloaltonetworks.com/t5/general-topics/blacknurse-testing-causes-issues-on-egress-firewall/m-p/131757#M46978 BPry 2016-12-07T14:04:27Z