How to Verify if Zone Protection is Working
Created On 09/25/18 20:34 PM - Last Modified 07/23/20 22:19 PM
Symptom
This article describes a few ways to verify that Zone Protection is working.
Resolution
Threat logs
The threat logs will show events related to zone protection. In the screenshot below, ICMP flood protection was triggered by the Zone Protection policy:
Command Line Interface
Many commands can be used to verify this functionality. Here are some examples:
- Running the command show zone-protection zone trust, for example, will display zone protection information for the zone named "trust". Look for incrementing drop counters.
- show interface ethernet1/1 will show statistics for that interface, including "LAND attacks", which are related to Zone Protection.
- The show counter global command will give outputs for packets dropped by DoS protection. Check the receive and sent rates to determine how many packets are being dropped by this attack.
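To make "look for incrementing drop counters" repeatable, the added example below (not part of the original article or any Palo Alto Networks tooling) compares two saved captures of show zone-protection zone trust and reports which drop counters rose. The sample text is constructed and its layout is an assumption; adjust the two regular expressions to match the output of your PAN-OS version.

```python
import re

# Constructed sample captures, not real device output. Assumed layout: a
# protection-type line ("<name>  enabled: yes") followed by "dropped: N packets".
BEFORE = """\
Zone trust, vsys vsys1, profile zp-example
  tcp-syn            enabled: yes
    current:               0 packets
    dropped:               0 packets
  icmp               enabled: yes
    current:             120 packets
    dropped:            1500 packets
  udp                enabled: no
"""
AFTER = BEFORE.replace("1500 packets", "4200 packets")

SECTION = re.compile(r"^\s{2}(\S+)\s+enabled:\s*(?:yes|no)\s*$")
DROPPED = re.compile(r"^\s+dropped:\s*(\d+)\s+packets")

def parse_drops(text):
    """Map each protection type to its dropped-packet counter."""
    drops, current = {}, None
    for line in text.splitlines():
        section = SECTION.match(line)
        if section:
            current = section.group(1)
            continue
        dropped = DROPPED.match(line)
        if dropped and current:
            drops[current] = int(dropped.group(1))
    return drops

def drop_deltas(before_text, after_text):
    """Return (increased, reset): counters that rose, and counters that fell.

    A counter that is lower in the second capture was reset in between, so it
    is reported separately instead of as a negative delta.
    """
    before, after = parse_drops(before_text), parse_drops(after_text)
    increased, reset = {}, []
    for name, new in after.items():
        old = before.get(name, 0)  # type absent earlier: count from zero
        if new > old:
            increased[name] = new - old
        elif new < old:
            reset.append(name)
    return increased, reset

if __name__ == "__main__":
    increased, reset = drop_deltas(BEFORE, AFTER)
    for name, delta in increased.items():
        print(f"{name}: +{delta} dropped packets between captures")
    print("reset counters:", reset or "none")
```

Take the two captures a known interval apart while the suspect traffic is present; a counter that stays flat means that protection type did not drop anything in that window.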