How to Verify if Zone Protection is Working

How to Verify if Zone Protection is Working

79632
Created On 09/25/18 20:34 PM - Last Modified 07/23/20 22:19 PM


Symptom


This article describes there are a few ways to make sure Zone Protection is working.

Resolution


Threat logs

The threat logs will show events related to zone protection. In the screenshot below, ICMP flood protection was triggered by the Zone Protection policy:

ICMP flood protection was triggered by the Zone Protection policy.

Command Line Interface

Many commands can be used to verify this functionality. Here are some examples:

  • Running the command show zone-protection zone trust, for example, will display zone protection information for the zone named "trust". Look for incrementing drop counters.

Running the command show zone-protection zone trust, for example, will display zone protection information for the zone named "trust". Look for incrementing drop counters.

  • show interface ethernet1/1 will show statistics for that interface including "LAND attacks" which are related to Zone Protection

show interface ethernet1/1 will show statistics for that interface including "LAND attacks" which are related to Zone Protection

  • The show counter global command will give outputs for packets dropped by DOS protection. It is important to verify the receive and sent rates to verify how many packets are being dropped by this attack.

The show counter global command will give outputs for packets dropped by DOS protection. It is important to verify the receive and sent rates to verify how many packets are being dropped by this attack.



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhzCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language