Do we require DDoS protection ( Zone Protection ) if we have only two TCP services open to the internet.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Do we require DDoS protection ( Zone Protection ) if we have only two TCP services open to the internet.

L2 Linker

We only have IPsec tunnels on the firewall. 

1 accepted solution

Accepted Solutions

L4 Transporter

Actually it is a bit more than only protecting about flooding attacks.

In the ZP, you can set some protection against port scanning (reconnaissance attacks), you can drop some improper packets (that may sometimes affect applications, but that's rare).

Anyway, in today's Internet, ZP protection is a must-have (I think it is also a best practice to enable it).
The configuration of it ... it is up to everyone's requirement I guess.

 

Olivier

PCSNE - CISSP

Best Effort contributor

Check out our PANCast Channel

Disclaimer : All messages are my personal ones and do not represent my company's view in any way.

View solution in original post

2 REPLIES 2

L4 Transporter

Hello @Kandarp_Desai 

 

The zone/DoS protections are there to save your firewall resources from traffic flooding.

If you think that there won't be any flooding in your network, then you do not need to enable them.

 

 

Anoopkumar
Network Security Engineer

L4 Transporter

Actually it is a bit more than only protecting about flooding attacks.

In the ZP, you can set some protection against port scanning (reconnaissance attacks), you can drop some improper packets (that may sometimes affect applications, but that's rare).

Anyway, in today's Internet, ZP protection is a must-have (I think it is also a best practice to enable it).
The configuration of it ... it is up to everyone's requirement I guess.

 

Olivier

PCSNE - CISSP

Best Effort contributor

Check out our PANCast Channel

Disclaimer : All messages are my personal ones and do not represent my company's view in any way.

  • 1 accepted solution
  • 1162 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!