How to determine Average Peak Traffic for PA-200

Reply
Highlighted
L1 Bithead

How to determine Average Peak Traffic for PA-200

I am a newbie to the Pan-OS and would like to fine tune the Zone Protection profile - Syn flood settings, etc. based on our average peak traffic (packets per second). What is the easiest way to determine the average peak packets per second?

L7 Applicator

Re: How to determine Average Peak Traffic for PA-200

Hello Sir,

You will get the packet rate from CLI command:

admin@PAN> show session info | match rate

Packet rate:                                     4/s  >>>>>>>>>>>>>>>

New connection establish rate:                   0 cps

Session accelerated aging:                       True

  Accelerated aging threshold:                   80% of utilization

Pcap token bucket rate                         : 10485760

You can use the ACC report  to get traffic trend through your PAN firewall ( based on session, Byte,Threat).

Protection profile settings apply to the ingress zone (i.e. the zone where traffic enters the firewall). Zone protection settings apply to all interfaces within the zone for which the profile is configured.:

For your reference:

Threat Prevention Deployment Tech Note

Understanding DoS Protection

Note: Zone protection is only enforced when there is no session match for the packet. If the packet matches an existing session, it will bypass the zone protection setting.

Thanks

L7 Applicator

Re: How to determine Average Peak Traffic for PA-200

L1 Bithead

Re: How to determine Average Peak Traffic for PA-200

Thanks for the tip!

So, if my packet rate hovers between 200-800 s , is it safe to assume that the defaults of 10,000 in Zone Protection profile are too high of threshold? What would be ideal?

L7 Applicator

Re: How to determine Average Peak Traffic for PA-200

Hello Sir,

I do agree that 10,000 packet/sec would be high compared to the current packet rate. But, also I would recommend you to take a statistics of packet rate for last 7 days and accordingly configure a safe limit on your production PAN firewall.

Thanks

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!