FYI It doesn't appear to require an attack to be an IP address bound to the PA.
It also appears that testing a remote firewall while egressing through a PA firewall causes your local firewall to experience DOS effects. It is not just inbound to an IP address of a PA's interface or NAT to that interface.
I did an hping3 of type 3 to a remote PA-3020 to test my flood protection in a Zone Protection configuration. In doing so, many of our cloud services became unresponsive through our HQ PA-5060 firewall the testing client was behind.
Sitting at 900 peak out of 120,000 on a regular basis so I don't think that was it. I'll test again specifically watching CPS in show session info as well as CPU utilization. As I recall, our Egress PA did not have any noticible fluctuations in CPU utilization during the hping3 test.
Interesting; keep us posted. Unless I'm completely remembering things wrong the PA wasn't supposed to be affected by this unless you hit the CPS limit due to someone trying to launch the attach.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!