SYN Flood

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

SYN Flood

Not applicable

hi : I have a question in regard to Flood Protection Thresholds under Zone Protection. Do the thresholds for Alert/Activate/Maximum apply to counting SYN packets directed at a partuicular host or to counting SYN packets directed at all the hosts in the protected zone.

The online documentatio specifies "destination" which implies a particular IP while the the Zore Protection Guide specifies "destination zone" which implies something else.

Thanks

4 REPLIES 4

L4 Transporter

Hi,

to my knwoledge you can apply protection profiles to zones only.

rgds

Roland

L4 Transporter

In my testing, it applied to the zones.

You can view the counters in the CLI with the command show zone-protection zone zone-name

Not applicable

hi : The reason I asked my question was that I thought that SYN flood protection was for individual hosts like web servers rather than protection for  a zone. If I set alert/activate/maximum thresholds at 10000/10000/40000 and if these numbers apply to the total number of SYN Flood packets sent to a zone/sec then it does not help me if my web server goes belly up after 9000 SYN flood packets/sec. Thanks.

L4 Transporter

absolutely, I agee and understand your requirement. I just know PAN is working on this to make it more granular maybe in 4.0 ?

https://live.paloaltonetworks.com/message/3207#3207

rgds

Roland

  • 2840 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!