zone protection

bat
L5 Sessionator

Re: zone protection

I think the syn+fin packets should drop without zone protection or DoS policy in place.

L3 Networker

Re: zone protection

Can we confirm if synfin are dropped by default without zp and DoS policy?

Thank you Sharma and Hardik. I have checked the zp in the threat logs. It is the same as what you showed in the screenshot.

L5 Sessionator

Re: zone protection

Any non-syn is dropped by default. But if an attack occurs and the firewall is bombarded with syn-fin packets, it will open a session with the syn packet and kill the session with fin. If the rate is excessive for syn-fin then the CPU might go really high. So zone protection will help in that scenario. Hope this helps.

L2 Linker

Re: zone protection

Does anyone know if there is a way to proactively alert when a port scan has been detected? In the threat logs, I can see the alert of a port scan but the severity level is medium and the alert ID is 8001 and you cannot change the severity. We are sending email alerts on all critical threats and we do not want to start sending email alerts on severity of medium as this will generate a lot of noise.

Thanks all in advance.

L7 Applicator

Re: zone protection

You can follow the procedure in DOC-3779 to fire an email for a specific threat. It does require setting up a specific policy and email profile to fire the alert.

How to Receive Email Threat Notification from the firewall

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center