Has anyone enabled zone protection to protect against and drop IP and port scans from untrust / internet to DMZ or untrust?
I enabled it, but I have alerts only from DMZ to untrust and not from untrust to DMZ or untrust to untrust.
Have you actually tuned it for your environment? The thing with ZPPs is that they need to be customized to your environment; the defaults won't do you any good.
How do you determine the right settings? Are there general guidelines or some reference available?
When it comes to flood protection you need to adjust the alarm rate based off of the information you can gather through a netflow capture, or you can simply take a guess and adjust as needed. Just ensure that you are only lowering the alarm rate and not the activate and maximum values and you'll only trigger a log when that rate is hit.
For Reconnaissance Protection you can set the action to alert and mess around with the interval/threshold value as you see fit. Again, as long as it is only set to alert no negative action will take place.
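One way to turn a flow capture into a starting alarm rate, following the reply above. This is an added example, not part of the original thread or any vendor tooling; the `(epoch_second, protocol)` record format, the 80th-percentile baseline, the 20% headroom and the sample data are all assumptions constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample: one (epoch_second, protocol) tuple per new flow seen
# entering the zone, as it might be exported from a flow capture.
SAMPLE_FLOWS = (
    [(1000, "tcp")] * 40 + [(1001, "tcp")] * 55 + [(1002, "tcp")] * 38
    + [(1003, "tcp")] * 120 + [(1005, "tcp")] * 47
    + [(1000, "udp")] * 10 + [(1004, "udp")] * 25
)

def per_second_rates(flows, protocol):
    """New flows per second for one protocol; idle seconds count as 0."""
    times = [t for t, _ in flows]
    counts = Counter(t for t, p in flows if p == protocol)
    return [counts.get(s, 0) for s in range(min(times), max(times) + 1)]

def percentile(values, pct):
    """Nearest-rank percentile of a list of integers."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct * len(ordered) / 100))
    return ordered[rank - 1]

def suggest_alarm_rate(flows, protocol, pct=80, headroom_pct=20):
    """Suggest an alarm rate only; activate/maximum values are left alone.

    pct and headroom_pct are assumed starting points, to be adjusted after
    watching how often the alarm would have fired.
    """
    rates = per_second_rates(flows, protocol)
    baseline = percentile(rates, pct)
    alarm = math.ceil(baseline * (100 + headroom_pct) / 100)
    return {
        "peak": max(rates),
        "baseline": baseline,
        "alarm_rate": alarm,
        # Seconds in the capture that would have produced a log entry
        "seconds_over": sum(1 for r in rates if r > alarm),
    }

if __name__ == "__main__":
    for proto in ("tcp", "udp"):
        print(proto, suggest_alarm_rate(SAMPLE_FLOWS, proto))
```

If `seconds_over` is high for a capture of normal traffic, raise the percentile or headroom before applying the value.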