I have enabled Zone Protection Profile for untrusted Network as below
"1. Packet Based Attack Protection / Spoofed IP address disabled. Passed - Packet Based Attack Protection / Strict Source Routing enabled.
Loose Source Routing enabled.
Mismatched Overlapping TCP Segment disabled.
Loose Source Routing Failed -
Mismatched Overlapping TCP Segment"
"2. Packet Based Attack Protection > TCP/IP Drop. Set Spoofed IP address to be checked. Set Mismatched overlapping TCP segment to be checked. Under IP Option Drop, set Strict Source Routing, Loose Source Routing, and Malformed to all be checked"
but facing connection drop while enabling this profile in Trusted Zone. In that case how can i enable Zone Protection profile in Trusted zone or Not needed.
In this case shall i enable only below options as per the below KB Article
"Some Packet Based Attack Protection recommendations on the other hand apply somewhat equally to all organizations. For example, “unknown” and “malformed” IP options are generally unwanted and can be dropped. Selecting the options to drop “mismatched overlapping TCP segments” and “remove TCP timestamp” can prevent certain evasive techniques from being successful through the firewall, and are also generally recommended for all customers. In addition, you can prevent address spoofing in security zones by enabling protection against “Spoofed IP addresses”. This will ensure only traffic with source addresses that match the firewall routing table will be permitted on ingress."
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!