Can we confirm if synfin are dropped by default without zp and Dos policy.
Thank You Sharma and Hardik. I have checked the zp in the threat logs. It is same what you showed in the screen shot.
Any non-syn is dropped by default. But if an attack occurs and firewall is bombarded with syn-fin packets, it will open a session with syn packet and kill the session with fin. If the rate is excessive for syn-fin then cpu might go really high. So zone protection will help in that scenario. Hope this helps.
Does anyone now if there is a way to proactively alert when a port scan has been detected? In the threat logs, I can see the alert of a port scan but the severity level is medium and the alert id is 8001 and you cannot change the severity. We are sending email alerts on all critical threats and we do not want to start sending email alerts on severity of medium as this will generate a lot of noise.
thanks all in advance
You can follow the procedure in DOC-3779 to fire an email for a specific threat. It does require setting up a specific policy and email profile to fire the alert.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!