Identify number of connections per zone with or without SNMP


L2 Linker

Dear All,

I need to configure zone protection. How do I find the number of connections per second for each zone?

I tried with "show session info" and I can see "new connection establish rate", but I need to take the average for 2 or 3 weeks.

So if it's on SNMP, which OID do I have to use to monitor, or is there any other method to identify the connections per second on each zone?

 

with regards,

Ram

3 REPLIES

Cyber Elite

@RamBalaji,

I don't really know of a good way to actually do this at all. What I usually recommend is that you set the 'Activate' and 'Maximum' values to something that you know you aren't going to hit; even if that's your platform's max session rate. Then you play around with the 'Alarm' rate until you essentially baseline the traffic.

Then make sure that your 'Action' for your Reconnaissance Protection is 'alert', and you can do the same here and play around with any source exclusions that you need to make. 

Packet Based Attack Protection is something that you'll need to read up on and probably enable outside of business hours to ensure you don't cause any issues. All of these are detailed and you can make the determination on whether or not you want it on, but this is usually where people run into issues with legit traffic getting dropped when they first enable ZP. 

 

Hope that helps a bit. 

Cyber Elite

Hello,

The way I have done it in the past was to take the default values. If after a month nothing got blocked, I would halve the values. Then keep this going until we saw an impact and then ramp it back up.

 

Cheers!

Bpry & Otakar.Klier,

Thanks for sharing your experience. The environment is critical and this needs to be applied for 6 locations; the security team will not allow this approach.

Any other methods available?

 

with regards,

Ram
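
The question mentions the "new connection establish rate" line of `show session info` and the need for an average over 2 or 3 weeks. The sketch below is an added example, not code from any poster or from the vendor: it summarises periodic captures of that output into a mean, 95th percentile, peak and per-day peak. It assumes a hypothetical collector that writes a `### <ISO timestamp>` line before each capture, the sample data is constructed, and the rate it reads is device-wide, so it gives an upper bound for any single zone rather than a per-zone figure.

```python
import math
import re
import statistics
from datetime import datetime

# Constructed sample, not real device output: periodic captures of
# `show session info`, each preceded by a "### <ISO timestamp>" line that a
# hypothetical collector script writes. The 09:10 capture is truncated.
SAMPLE = """\
### 2024-03-04T09:00:00
Number of active sessions:                       1200
New connection establish rate:                   410 cps
### 2024-03-04T09:05:00
New connection establish rate:                   380 cps
### 2024-03-04T09:10:00
### 2024-03-04T14:00:00
New connection establish rate:                   950 cps
### 2024-03-05T03:00:00
New connection establish rate:                   120 cps
### 2024-03-05T10:00:00
New connection establish rate:                   300 cps
"""

STAMP = re.compile(r"^###\s+(\S+)\s*$")
RATE = re.compile(r"new connection establish rate:\s*(\d+)", re.IGNORECASE)

def parse_samples(text):
    """Return [(timestamp, cps)], one per capture that has a rate line."""
    samples, stamp = [], None
    for line in text.splitlines():
        if m := STAMP.match(line):
            stamp = datetime.fromisoformat(m.group(1))
        elif (m := RATE.search(line)) and stamp is not None:
            samples.append((stamp, int(m.group(1))))
            stamp = None  # ignore duplicate rate lines in one capture
    return samples

def baseline(samples):
    """Summarise sampled CPS: mean, nearest-rank p95, peak, per-day peak."""
    if not samples:
        raise ValueError("no usable captures")
    rates = sorted(cps for _, cps in samples)
    daily_peak = {}
    for ts, cps in samples:
        day = ts.date().isoformat()
        daily_peak[day] = max(daily_peak.get(day, 0), cps)
    p95 = rates[math.ceil(0.95 * len(rates)) - 1]
    return {"samples": len(rates), "mean": statistics.mean(rates),
            "p95": p95, "peak": rates[-1], "daily_peak": daily_peak}

if __name__ == "__main__":
    print(baseline(parse_samples(SAMPLE)))
```

Each value is an instantaneous reading at capture time, so short bursts between captures are missed; a shorter capture interval narrows that gap.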
