I've been asked to investigate Zone Protection on one of our PAN firewalls. I'm trying to determine what safe values would be for me to begin with for syn, icmp, udp and other ip protection types.
Since this is a production firewall, I need to be certain I'm not going to generate any issues when the profile is applied. Is there a way for me to determine if the default thresholds are a safe starting point for my particular situation? Using show session info I can see that for the entire firewall, the Packet rate/s is peaking around 20K/s and the New connection est rate is peaking around 2500 cps. These numbers are of course for the whole firewall and I would only be applying to a single zone.
Are these numbers indicative that I would be safe with the default thresholds as a starting point? Are there some other counters I should be looking at? I've read the documentation and the tech notes for Zone protection but am still a little unclear on how to determine a starting point for the thresholds.
Here is a really great post of @BPry: https://live.paloaltonetworks.com/t5/General-Topics/Zone-Protection-Profile-testing/td-p/169950/page... (first post on that page, but maybe the whole topic will be helpful in your situation)
This will probably answer a lot of your questions. And if not, feel free to ask again.
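As an added illustration (not part of the original thread or Palo Alto's own tooling): a short Python script that parses repeated `show session info` captures like the ones the question reads and checks whether candidate flood thresholds sit comfortably above the observed peaks. The sample output is constructed, the two-line format is assumed to match the CLI, and the headroom factor and candidate thresholds are placeholders for whatever values you intend to apply.

```python
import re

# Constructed sample: four periodic captures of `show session info`, trimmed to
# the two counters the question uses. Values are made up to mirror the
# ~20K pps / ~2500 cps firewall-wide peaks described above.
SAMPLES = """
Packet rate:                                   15234/s
New connection establish rate:                 1800 cps
Packet rate:                                   20105/s
New connection establish rate:                 2510 cps
Packet rate:                                   9800/s
New connection establish rate:                 1200 cps
Packet rate:                                   18750/s
New connection establish rate:                 2390 cps
"""

# Assumed line formats for the two counters (adjust if your PAN-OS build differs).
PKT_RE = re.compile(r"^Packet rate:\s+(\d+)/s", re.M)
CPS_RE = re.compile(r"^New connection establish rate:\s+(\d+) cps", re.M)


def parse_samples(text):
    """Extract the firewall-wide packet-rate (pps) and new-connection (cps) series."""
    pps = [int(v) for v in PKT_RE.findall(text)]
    cps = [int(v) for v in CPS_RE.findall(text)]
    return pps, cps


def check_threshold(candidate, observed_peak, min_headroom=2.0):
    """Is a candidate flood threshold safely above what has actually been seen?

    The firewall-wide peak is an upper bound for any single zone, so a threshold
    that clears it is conservative for the zone. min_headroom (2x here) is a
    placeholder safety factor. Returns (ok, headroom_factor).
    """
    factor = candidate / observed_peak
    return factor >= min_headroom, round(factor, 2)


def baseline_report(text, candidates):
    """candidates: {'pps': N, 'cps': N}, the thresholds you intend to apply."""
    pps, cps = parse_samples(text)
    return {
        "packets": check_threshold(candidates["pps"], max(pps)),
        "connections": check_threshold(candidates["cps"], max(cps)),
    }


if __name__ == "__main__":
    # Placeholder candidate thresholds, not PAN-OS defaults.
    print(baseline_report(SAMPLES, {"pps": 50000, "cps": 10000}))
```

Collect the samples over a full business cycle (including backup windows and month-end peaks) before trusting the baseline, and re-run the check against the zone's own counters once the profile is in place.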