02-27-2018 05:51 AM
I need to configure zone protection. How do I find the number of connections per second for each zone?
I tried "show session info" and I can see "new connection establish rate", but I need to take the average over 2 or 3 weeks.
So if it's in SNMP, which OID do I have to use to monitor it, or is there any other method to identify the connections per second on each zone?
02-27-2018 06:09 AM
I don't really know of a good way to actually do this at all. What I usually recommend is that you set the 'Activate' and 'Maximum' values to something that you know you aren't going to hit, even if that's your platform's max session rate. Then you play around with the 'Alarm' rate until you essentially baseline the traffic.
Then make sure that your 'Action' for your Reconnaissance Protection is 'alert', and you can do the same here and play around with any source exclusions that you need to make.
Packet Based Attack Protection is something that you'll need to read up on and probably enable outside of business hours to ensure you don't cause any issues. All of these are detailed and you can make the determination on whether or not you want it on, but this is usually where people run into issues with legit traffic getting dropped when they first enable ZP.
Hope that helps a bit.
02-27-2018 08:04 AM
The way I have done it in the past was to take the default values. If after a month nothing got blocked, I would halve the values. Then keep this going until we saw an impact and then ramp it back up.
02-27-2018 09:30 PM
Bpry & Otakar.Klier,
Thanks for sharing your experience. The environment is critical and this needs to be applied for 6 locations; the security team will not allow this approach.
Any other methods available?