Determining safe starting thresholds for Zone Protection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Determining safe starting thresholds for Zone Protection

L2 Linker

I've been asked to investigate Zone Protection on one of our PAN firewalls.  I'm trying to determine what safe values would be for me to begin with for syn, icmp, udp and other ip protection types.

 

Since this is a production firewall, I need to be certain I'm not going to generate any issues when the profile is applied.  Is there a way for me to determine if the default thresholds are a safe starting point for my particular situation?  Using show session info I can see that for the entire firewall, the Packet rate/s is peaking around 20K/s and the New connection est rate is peaking around 2500 cps.  These numbers are of course for the whole firewall and I would only be applying to  a single zone.

 

Are these numbers indicative that I would be safe with the default thresholds as a starting point?  Are there some other counters I should be looking at?  I've read the documentation and the tech notes for Zone protection but am still a little unclear on how to determine a starting point for the thresholds.

 

Thanks!

1 accepted solution

Accepted Solutions

L7 Applicator

Hi @epeeler

 

Here is a really great post of @BPryhttps://live.paloaltonetworks.com/t5/General-Topics/Zone-Protection-Profile-testing/td-p/169950/page... (fist post on that page, but maybe the whole topic will be helpful in your situation)

 

This will probably answer a lot of your questions. And if not, feel free to ask again.

 

Regards,

Remo

View solution in original post

2 REPLIES 2

L7 Applicator

Hi @epeeler

 

Here is a really great post of @BPryhttps://live.paloaltonetworks.com/t5/General-Topics/Zone-Protection-Profile-testing/td-p/169950/page... (fist post on that page, but maybe the whole topic will be helpful in your situation)

 

This will probably answer a lot of your questions. And if not, feel free to ask again.

 

Regards,

Remo

Excellent post! Thank you for the link.

 

 

  • 1 accepted solution
  • 2352 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!