11-22-2012 05:17 AM
Hello,
I wanted to fine tune a bit the default (Alert=10000,
Activate=10000 and Max=40000) values on our Zone protection profile in order to
limit the number of syn flood attack that seem to me very high, but for do it I
need to monitor during some time our current new session p/s, and after day of
searching I couldn’t find any CLI commands or GUI option to do it.
Is there someone or may be Palo support can help me on
that??
Typically we had an attack two weeks ago and our FW mgmt. CPU
was at 100% after opening a support ticket for that, the only think that
support give us as advice was to reduce the logging generation… but I found out
by myself that first we didn’t have any Zone protection for this destination Zone
and after enabling this zone protection profile I see that the values are very
high.
So thanks for your help on that
