From the description we see that the inbuilt rule has taken charge. What we will have to look is at the time of issue did we see any DOS or zone protection profile counters triggered.(If they are configured )
This can be seen by " less dp0-log dp-monitor.log" Also we can check the commands to see the triggers for the syn flood
show dos-protection rule <rule name>
show zone-protection zone <zone name>
Example for Dos counters:
Thx for your comments.
to make it more visible and comprehensible what the zero point is:
- log entry
- DoS rule
- DoS protection profil
- DoS global counters
what i understood so far is that there seems to be a inbuilt rule which was taken in advance because the limitation of our own DoS-protection rule isn't as narrow as the default
where can i get information about the settings of the any-allow rule ? it sounds also strange to me to call a rule any-allow and then drop the packets. anywhere,
but there should be a clue to the inbuilt rule
I am not sure if this is an unlisted bug but if you have time to upgrade it will be better.
There are some Dos related issues (49337—Traffic was blocked even though the DoS Protection policy was configured to allow it. - but written that fixed with 5.0.5)
Have you ever used "any_allow" name for a rule ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!