How to Verify if Zone Protection is Working

Printer Friendly Page

There are a few ways to make sure Zone Protection is working:

Threat logs

The threat logs will show events related to zone protection. In the screenshot below, ICMP flood protection was triggered by the Zone Protection policy

6-20-2012 9-27-03 AM.png

Command Line Interface

Many commands can be used to verify this functionality. Here are some examples:

  • Running the command show zone-protection zone trust, for example, will display zone protection information for the zone named "trust". Look for incrementing drop counters.

7-26-2012 4-38-12 PM.png

  • show interface ethernet1/1 will show statistics for that interface including "LAND attacks" which are related to Zone Protection

7-26-2012 4-39-09 PM.png

  • The show counter global command will give outputs for packets dropped by DOS protection. IT is important to verify the receive and sent rates to verify how many packets are being dropped by this attack.

7-26-2012 4-39-53 PM.png

owner: nayubi

Comments

This article is rather insufficient however to its defence it is a rather old article (2012).


There are 3 types of zone protection methods:  Flood protection (measured in pps), reconnaissance (averaged within a configured interval 2 - 65K seconds) and packet based.


I recommend publishing an article on each of the above protection methods - since the method of determining the correct setting and verification is quite different for each method. 

Harald,

 

Thank you for the comments, this article is under review by our engineers.  We will advise if it is updated or archived.

Hi Harald,

 

determining the correct setting for each different method is outside the scope of this article.  That being said, having an article on each of the above mentioned protection methods isn't a bad idea and can be considered for future articles.    Note that community members can also write and submit articles and get eternal fame and glory in return ^_^.

 

Cheers !

-Kiwi