About fhewiufhwefhwe

  Example of SNMP monitoring.  That being said, it is painful / somewhat manual to setup. ... View more

I did not mean the threshold under Reconnaissance Protection.  I mean the threshold under Flood Protection.  The defaults are 10,000 fro Alarm Rate and Activate, and 40,000 for maximum connections/sec. ... View more

This article might help.  I've been meaning to read it myself and figure out how to setup snmp monitoring for DoS.   https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOKCA0 ... View more

Have you tried increasing the thresholds under SYN Flood Protection then?  How high is your firewall on resource utilization?  I'm wondering if you might be able to use SYN Cookies instead of Random Early Drop action?   Note that I have not tried this myself.   I'm also thinking that you might want to setup SNMP monitoring the DoS counters on the firewall.  I recently tried to configure this, but have not had success yet. ... View more

DNS does use UDP, but can also use TCP over port 53 as well.  Any way if you have site-to-site vpn or something similar, you may want some exclusions to Dos / Zone protections policies. ... View more

Do you have source address exclusions under Reconnaissance Protection?  You may want to include highly trusted items on your allow list there, such as internal DNS forwarders if you have them. ... View more

Did you look under Objects -> Security Profiles -> Dos Protection?   Th default block duration is 5 minutes.. ... View more

zone protection ... View more

I am trying a possible solution from another user's post after being unsuccessful resolving this for a while https://live.paloaltonetworks.com/t5/general-topics/rdp-freeze-fix-globalprotect/m-p/335816/highlight/false#M84643   They said the following:   We struggled with the RDP freezing issue with GlobalProtect for a long time.  The initial "fix" was to disable UDP for RDP in the registry.  This fixed the issue for many users but also slowed down the RDP performance.  We thought the issue was with GlobalProtect but after troubleshooting with Palo Alto we were able to see that at some point the remote PC just simply stopped sending RDP packets. We opened a case with Microsoft and they gave us a registry fix to try that fixed all our RDP freeze issues and allowed us to re-enable UDP for RDP.   Important: This regedit goes on the machine you are remoting into, not the machine you are remoting from.   HKLM\SOFTWARE\Microsoft\Terminal Server Client UseURCP (Create this new DWORD with value of 0)   You can use this from a command prompt as long as you have admin privileges on the box: REG ADD "HKLM\SOFTWARE\Microsoft\Terminal Server Client" /v UseURCP /t REG_DWORD /d 0 /f   If you previously disabled UDP for RDP you can re-enable it. ... View more

Thanks for sharing.  I hope this works.  I've been taking packet captures on the firewall and the machine remoting into to try to figure this out. ... View more

Thanks, I will take a look at PRTG.   I already am forwarding logs to two Syslog servers, but also didn't see the alarms there. ... View more

I downloaded system logs to csv.  While I see when I manually cleared logs that were near capacity, I do not see any warnings about logs being full.  Do you happen to know the type, event, or description key word?  I looked at everything with log in the description, and didn't see it. ... View more