SYN Flood

wlu
Not applicable

Hi: I have a question in regard to Flood Protection Thresholds under Zone Protection. Do the thresholds for Alert/Activate/Maximum apply to counting SYN packets directed at a particular host or to counting SYN packets directed at all the hosts in the protected zone?

The online documentation specifies "destination", which implies a particular IP, while the Zone Protection Guide specifies "destination zone", which implies something else.

Thanks

gafrol
L4 Transporter

Hi,

To my knowledge, you can apply protection profiles to zones only.

rgds

Roland

mharding
L4 Transporter

In my testing, it applied to the zones.

You can view the counters in the CLI with the command show zone-protection zone zone-name

wlu
Not applicable

Hi: The reason I asked my question was that I thought that SYN flood protection was for individual hosts like web servers rather than protection for a zone. If I set alert/activate/maximum thresholds at 10000/10000/40000, and if these numbers apply to the total number of SYN Flood packets sent to a zone/sec, then it does not help me if my web server goes belly up after 9000 SYN flood packets/sec. Thanks.

gafrol
L4 Transporter

Absolutely, I agree and understand your requirement. I just know PAN is working on this to make it more granular, maybe in 4.0?

https://live.paloaltonetworks.com/message/3207#3207

rgds

Roland
