https://live.paloaltonetworks.com/t5/general-topics/idenfiy-number-of-connection-of-per-zone-with-or-without-snmp/m-p/202536#M59747 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/78551">@RamBalaji</a>,</P><P>I don't really know of a&nbsp;<EM>good</EM> way to actually do this at all. What I usually recommend is that you set the 'Activate' and 'Maximum' values to something that you&nbsp;<STRONG>know</STRONG> you aren't going to hit; even if that's your platforms max session rate. Then you play around with the 'Alarm' rate until you essentially baseline the traffic.&nbsp;</P><P>Then make sure that your 'Action' for your Reconnaissance Protection is 'alert', and you can do the same here and play around with any source exclusions that you need to make.&nbsp;</P><P>Packet Based Attack Protection is something that you'll need to read up on and probably enable outside of business hours to ensure you don't cause any issues. All of these are detailed and you can make the determination on whether or not you want it on, but this is usually where people run into issues with legit traffic getting dropped when they first enable ZP.&nbsp;</P><P>&nbsp;</P><P>Hope that helps a bit.&nbsp;</P> Tue, 27 Feb 2018 14:09:18 GMT BPry 2018-02-27T14:09:18Z https://live.paloaltonetworks.com/t5/general-topics/idenfiy-number-of-connection-of-per-zone-with-or-without-snmp/m-p/202522#M59745 <P>Dear All,</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; I need to configure zone protection, how to find the number of connetion per second for each zone.</P><P>&nbsp;</P><P>I tried with "show session info" and i can see "new connection establish rate" but i need to take the average for 2 or 3 weeks.</P><P>So if its on the snmp which ouid i have to use to monitor or any other method to identify the connection per second on each zone.</P><P>&nbsp;</P><P>with regards,</P><P>Ram</P> Tue, 27 Feb 2018 13:51:55 GMT https://live.paloaltonetworks.com/t5/general-topics/idenfiy-number-of-connection-of-per-zone-with-or-without-snmp/m-p/202522#M59745 RamBalaji 2018-02-27T13:51:55Z https://live.paloaltonetworks.com/t5/general-topics/idenfiy-number-of-connection-of-per-zone-with-or-without-snmp/m-p/202536#M59747 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/78551">@RamBalaji</a>,</P><P>I don't really know of a&nbsp;<EM>good</EM> way to actually do this at all. What I usually recommend is that you set the 'Activate' and 'Maximum' values to something that you&nbsp;<STRONG>know</STRONG> you aren't going to hit; even if that's your platforms max session rate. Then you play around with the 'Alarm' rate until you essentially baseline the traffic.&nbsp;</P><P>Then make sure that your 'Action' for your Reconnaissance Protection is 'alert', and you can do the same here and play around with any source exclusions that you need to make.&nbsp;</P><P>Packet Based Attack Protection is something that you'll need to read up on and probably enable outside of business hours to ensure you don't cause any issues. All of these are detailed and you can make the determination on whether or not you want it on, but this is usually where people run into issues with legit traffic getting dropped when they first enable ZP.&nbsp;</P><P>&nbsp;</P><P>Hope that helps a bit.&nbsp;</P> Tue, 27 Feb 2018 14:09:18 GMT https://live.paloaltonetworks.com/t5/general-topics/idenfiy-number-of-connection-of-per-zone-with-or-without-snmp/m-p/202536#M59747 BPry 2018-02-27T14:09:18Z https://live.paloaltonetworks.com/t5/general-topics/idenfiy-number-of-connection-of-per-zone-with-or-without-snmp/m-p/202562#M59758 <P>Hello,</P><P>The way I have done it in the past was take the default vaules. If after a month nothing got blocked, I would halve the values. Then keep this going until we saw an impact and then ramp it back up.</P><P>&nbsp;</P><P>Cheers!</P> Tue, 27 Feb 2018 16:04:31 GMT https://live.paloaltonetworks.com/t5/general-topics/idenfiy-number-of-connection-of-per-zone-with-or-without-snmp/m-p/202562#M59758 OtakarKlier 2018-02-27T16:04:31Z https://live.paloaltonetworks.com/t5/general-topics/idenfiy-number-of-connection-of-per-zone-with-or-without-snmp/m-p/202688#M59771 <P>Bpry &amp; Otakar.Klier,</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Thanks for sharing your experience. Environment is critical and needs to applied for 6 location, security team will not allow this approach.</P><P>Any other methods available ??</P><P>&nbsp;</P><P>with regards,</P><P>Ram</P> Wed, 28 Feb 2018 05:30:27 GMT https://live.paloaltonetworks.com/t5/general-topics/idenfiy-number-of-connection-of-per-zone-with-or-without-snmp/m-p/202688#M59771 RamBalaji 2018-02-28T05:30:27Z