https://live.paloaltonetworks.com/t5/general-topics/remedies-for-block-attacks/m-p/432389#M95733 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/179347">@VishnuPS</a>,</P><P>Do you have Zone Protection enabled? While you are asking about ransomware, the fact that your ISP is reporting an issue means you are more than likely actually experiencing a DoS/DDoS attempt. ISPs generally speaking would not be monitoring for any other sort of threat, as it really has no basis on their operations.</P><P>The firewall by default doesn't log intrazone-default traffic, which would be how traffic received by your untrust interface would actually get logged. You may want to override that so that it logs at session-end so that you record those logs. I'd recommend reading up on zone protection and spending some time getting it properly configured so that you are at the very least alerted of the issue before your ISP is contacting you.&nbsp;</P> Tue, 07 Sep 2021 17:08:56 GMT BPry 2021-09-07T17:08:56Z https://live.paloaltonetworks.com/t5/general-topics/remedies-for-block-attacks/m-p/432154#M95176 <P>Dear Team,</P><P>&nbsp;</P><P>One of our faced some attacks from their wan interface IP. The issue is reported by their ISP team, when we checked in the firewall there are no logs.</P><P>&nbsp;</P><P>In customer network, huge number of traffic is going at the same time. The device is 3020. Already customer is facing some slowness in the network traffic.</P><P>&nbsp;</P><P>Kindly share the&nbsp;Remedies for block ransomware attacks.</P><P>&nbsp;</P><P>Regards,</P><P>Vishnu</P> Tue, 07 Sep 2021 05:51:45 GMT https://live.paloaltonetworks.com/t5/general-topics/remedies-for-block-attacks/m-p/432154#M95176 VishnuPS 2021-09-07T05:51:45Z https://live.paloaltonetworks.com/t5/general-topics/remedies-for-block-attacks/m-p/432331#M95732 <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTLCA0" target="_self">Best practices for ransomware prevention.&nbsp;</A></P><P>&nbsp;</P><P>Please also reach out to your account team to schedule a best practice assessment for free. It's the best way to make sure a configuration is tooled the best possible way.&nbsp;</P> Tue, 07 Sep 2021 16:02:34 GMT https://live.paloaltonetworks.com/t5/general-topics/remedies-for-block-attacks/m-p/432331#M95732 LAYER_8 2021-09-07T16:02:34Z https://live.paloaltonetworks.com/t5/general-topics/remedies-for-block-attacks/m-p/432389#M95733 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/179347">@VishnuPS</a>,</P><P>Do you have Zone Protection enabled? While you are asking about ransomware, the fact that your ISP is reporting an issue means you are more than likely actually experiencing a DoS/DDoS attempt. ISPs generally speaking would not be monitoring for any other sort of threat, as it really has no basis on their operations.</P><P>The firewall by default doesn't log intrazone-default traffic, which would be how traffic received by your untrust interface would actually get logged. You may want to override that so that it logs at session-end so that you record those logs. I'd recommend reading up on zone protection and spending some time getting it properly configured so that you are at the very least alerted of the issue before your ISP is contacting you.&nbsp;</P> Tue, 07 Sep 2021 17:08:56 GMT https://live.paloaltonetworks.com/t5/general-topics/remedies-for-block-attacks/m-p/432389#M95733 BPry 2021-09-07T17:08:56Z