01-25-2011 07:46 AM
hi : I have a question in regard to Flood Protection Thresholds under Zone Protection. Do the thresholds for Alert/Activate/Maximum apply to counting SYN packets directed at a partuicular host or to counting SYN packets directed at all the hosts in the protected zone.
The online documentatio specifies "destination" which implies a particular IP while the the Zore Protection Guide specifies "destination zone" which implies something else.
Thanks
01-25-2011 09:11 AM
Hi,
to my knwoledge you can apply protection profiles to zones only.
rgds
Roland
01-25-2011 09:13 AM
In my testing, it applied to the zones.
You can view the counters in the CLI with the command show zone-protection zone zone-name
01-25-2011 10:44 AM
hi : The reason I asked my question was that I thought that SYN flood protection was for individual hosts like web servers rather than protection for a zone. If I set alert/activate/maximum thresholds at 10000/10000/40000 and if these numbers apply to the total number of SYN Flood packets sent to a zone/sec then it does not help me if my web server goes belly up after 9000 SYN flood packets/sec. Thanks.
01-25-2011 10:59 AM
absolutely, I agee and understand your requirement. I just know PAN is working on this to make it more granular maybe in 4.0 ?
https://live.paloaltonetworks.com/message/3207#3207
rgds
Roland
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
