- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-09-2020 08:55 AM
We have separate zone protection profiles for each zone. And the definition of aggregate says that "all thresholds apply to the entire group of devices specified in a DoS Protection policy rule". So if we are trying to protect servers in DMZ, unless we use smaller groups (for which our environment doesn't seem to have a usecase). Do we even need to use Aggregate DOS protection. Only using Classified seems more appropriate in this scenario,
Also as i understand, I should be able club multiple DMZ servers in same DOS policy and the thresholds will apply to each server individually.
11-10-2020 10:56 AM
So your understanding is that you shouldn't set an aggregate profile because you already have Zone Protection configured on the zone right? The zone protection can accomplish the same thing as an aggregate profile, but you would generally have your Zone Protection values set much higher than you ever would on a DoS profile. If you're just going to set those values high enough that your ZP would trip anyways then yes you wouldn't setup an aggregate profile.
11-09-2020 06:45 PM
Also as i understand, I should be able club multiple DMZ servers in same DOS policy and the thresholds will apply to each server individually.
If you have everything setup under just classified profile then yes that's correct.
So not knowing anything about your environment I can't tell you if you should use aggregate, but I can tell you that in the vast majority of environments you wouldn't throw all of your public services in the same DoS entry. If you're properly tuning your DoS profiles you shouldn't have the exact same values for your x website as you would have for y website or your Exchange server for instance. It's pretty rare I come across an environment where grouping them all under a sole entry is advisable.
11-10-2020 10:41 AM
@BPry I understand it can be different for classified depending server/application itself, but am I right in my understanding of aggregate vs zone protection profiles.
11-10-2020 10:56 AM
So your understanding is that you shouldn't set an aggregate profile because you already have Zone Protection configured on the zone right? The zone protection can accomplish the same thing as an aggregate profile, but you would generally have your Zone Protection values set much higher than you ever would on a DoS profile. If you're just going to set those values high enough that your ZP would trip anyways then yes you wouldn't setup an aggregate profile.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!