Determining safe starting thresholds for Zone Protection

L2 Linker

Determining safe starting thresholds for Zone Protection

I've been asked to investigate Zone Protection on one of our PAN firewalls.  I'm trying to determine what safe values would be for me to begin with for syn, icmp, udp and other ip protection types.


Since this is a production firewall, I need to be certain I'm not going to generate any issues when the profile is applied.  Is there a way for me to determine if the default thresholds are a safe starting point for my particular situation?  Using show session info I can see that for the entire firewall, the Packet rate/s is peaking around 20K/s and the New connection est rate is peaking around 2500 cps.  These numbers are of course for the whole firewall and I would only be applying to  a single zone.


Are these numbers indicative that I would be safe with the default thresholds as a starting point?  Are there some other counters I should be looking at?  I've read the documentation and the tech notes for Zone protection but am still a little unclear on how to determine a starting point for the thresholds.



L7 Applicator

Re: Determining safe starting thresholds for Zone Protection

Hi @epeeler


Here is a really great post of @BPry (fist post on that page, but maybe the whole topic will be helpful in your situation)


This will probably answer a lot of your questions. And if not, feel free to ask again.




L2 Linker

Re: Determining safe starting thresholds for Zone Protection

Excellent post! Thank you for the link.



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!