interpreting SNMP OIDs for Scan and Flood associated with Zone/DoS Protection
21321
Created On 04/24/20 17:00 PM - Last Modified 03/12/22 05:08 AM
Symptom
What-are-SNMP-OIDs-for-Scan-and-Flood-for-Zone-DoS-Protection
Environment
- Palo Alto Firewalls.
- PAN-OS 8.1 and above.
- SNMP configured.
Resolution
Zone/DOS Protection related PAN-COMMON-MIB SNMP counters
1. panGlobalCountersDOSCounters | ||
| Name | OID | Description |
| panFlowDosAgMaxSessLimit | .1.3.6.1.4.1.25461.2.1.2.1.19.8.1 | #Session limit reached for aggregate profile, drop session |
| panFlowDosBlkNumEntries | .1.3.6.1.4.1.25461.2.1.2.1.19.8.2 | #entries in DOS block table |
| panFlowDosClMaxSessLimit | .1.3.6.1.4.1.25461.2.1.2.1.19.8.3 | #Session limit reached for classified profile, drop session |
| panFlowDosClSyncookieAckErr | .1.3.6.1.4.1.25461.2.1.2.1.19.8.4 | #TCP SYN cookies:Invalid ACKs received, classified profile |
| panFlowDosClSyncookieAckRcv | .1.3.6.1.4.1.25461.2.1.2.1.19.8.5 | #TCP SYN cookies:ACKs to cookies received, classified profile |
| panFlowDosClSyncookieBlkDur | .1.3.6.1.4.1.25461.2.1.2.1.19.8.6 | #Packets dropped:Flagged for blocking and under block duration for classified profile |
| panFlowDosClSyncookieMax | .1.3.6.1.4.1.25461.2.1.2.1.19.8.7 | #Packet dropped:SYN cookies maximum threshold reached, classified profile |
| panFlowDosClSyncookieSent | .1.3.6.1.4.1.25461.2.1.2.1.19.8.8 | #TCP SYN cookies:cookies sent, classified profile |
| panFlowMeterVsysThrottle | .1.3.6.1.4.1.25461.2.1.2.1.19.8.9 | #Session metering:sessions throttled by vsys configuration |
| panFlowPolicyDeny | .1.3.6.1.4.1.25461.2.1.2.1.19.8.10 | #Session setup:denied by policy |
| panFlowPolicyNat | .1.3.6.1.4.1.25461.2.1.2.1.19.8.11 | #Session setup:source NAT IP/port allocation error |
| panFlowScanDrop | .1.3.6.1.4.1.25461.2.1.2.1.19.8.12 | #Session setup:denied by scan detection |
| panFlowDosDropIpBlocked | .1.3.6.1.4.1.25461.2.1.2.1.19.8.13 | #Packets dropped:Flagged for blocking and under block duration by other |
| panFlowDosRedIcmp | .1.3.6.1.4.1.25461.2.1.2.1.19.8.14 | #Packets dropped:Zone protection protocol 'icmp' RED |
| panFlowDosRedIcmp6 | .1.3.6.1.4.1.25461.2.1.2.1.19.8.15 | #Packets dropped:Zone protection protocol 'icmpv6' RED |
| panFlowDosRedIp | .1.3.6.1.4.1.25461.2.1.2.1.19.8.16 | #Packets dropped:Zone protection protocol 'other-ip' RED |
| panFlowDosRedTcp | .1.3.6.1.4.1.25461.2.1.2.1.19.8.17 | #Packets dropped:Zone protection protocol 'tcp-syn' RED |
| panFlowDosRedUdp | .1.3.6.1.4.1.25461.2.1.2.1.19.8.18 | #Packets dropped:Zone protection protocol 'udp' RED |
| panFlowDosRuleAgBlkDur | .1.3.6.1.4.1.25461.2.1.2.1.19.8.19 | #Packets dropped:Flagged for blocking and under block duration for aggregate profile |
| panFlowDosRuleAgRedAct | .1.3.6.1.4.1.25461.2.1.2.1.19.8.20 | #Packets dropped:Activate aggregate RED threshold reached, random early detection |
| panFlowDosRuleAgRedMax | .1.3.6.1.4.1.25461.2.1.2.1.19.8.21 | #Packets dropped:Maximal aggregate RED threshold reached |
| panFlowDosRuleDeny | .1.3.6.1.4.1.25461.2.1.2.1.19.8.22 | #Packets dropped:Denied action by DoS policy |
| panFlowDosRuleDrop | .1.3.6.1.4.1.25461.2.1.2.1.19.8.23 | #Packets dropped:Rate limited or IP blocked |
| panFlowDosRuleDropAggr | .1.3.6.1.4.1.25461.2.1.2.1.19.8.24 | #Packets dropped:due to aggregate rate limiting |
| panFlowDosRuleDropClBlkDur | .1.3.6.1.4.1.25461.2.1.2.1.19.8.25 | #Packets dropped:Flagged for blocking and under block duration for classified profile |
| panFlowDosRuleDropClRedAct | .1.3.6.1.4.1.25461.2.1.2.1.19.8.26 | #Packets dropped:Activate classified RED threshold reached, random early detection |
| panFlowDosRuleDropClRedMax | .1.3.6.1.4.1.25461.2.1.2.1.19.8.27 | #Packets dropped:Maximal classified RED threshold reached |
| panFlowDosRuleDropClassified | .1.3.6.1.4.1.25461.2.1.2.1.19.8.28 | #Packets dropped:due to classified rate limiting |
| panFlowDosSyncookieBlkDur | .1.3.6.1.4.1.25461.2.1.2.1.19.8.29 | #Packets dropped:Flagged for blocking and under block duration for aggregate profile |
| panFlowDosSyncookieMax | .1.3.6.1.4.1.25461.2.1.2.1.19.8.30 | #Packet dropped:SYN cookies maximum threshold reached, aggregate profile |
| panFlowDosZoneRedAct | .1.3.6.1.4.1.25461.2.1.2.1.19.8.31 | #Packets dropped:Activate zone RED threshold reached, random early drop |
| panFlowDosZoneRedMax | .1.3.6.1.4.1.25461.2.1.2.1.19.8.32 | #Packets dropped:Maximal zone RED threshold reached |
| panFlowDosBlkSwEntries | .1.3.6.1.4.1.25461.2.1.2.1.19.8.33 | #entries in DOS Software block table |
| panFlowDosBlkHwEntries | .1.3.6.1.4.1.25461.2.1.2.1.19.8.34 | #entries in DOS Hardware block table |
| panFlowDosSyncookieNotTcpSyn | .1.3.6.1.4.1.25461.2.1.2.1.19.8.35 | #TCP SYN cookies:TCP SYN cookie not SYN |
| panFlowDosSyncookieNotTcpSynAck | .1.3.6.1.4.1.25461.2.1.2.1.19.8.36 | #TCP SYN cookies:TCP SYN cookie not SYN-ACK |
| panFlowDosPfIpspoof | .1.3.6.1.4.1.25461.2.1.2.1.19.8.37 | #Packets dropped:Zone protection option 'discard-ip-spoof' |
| panFlowDosPfIpfrag | .1.3.6.1.4.1.25461.2.1.2.1.19.8.38 | #Packets dropped:Zone protection option 'discard-ip-frag' |
| panFlowDosPfPing0 | .1.3.6.1.4.1.25461.2.1.2.1.19.8.39 | #Packets dropped:Zone protection option 'discard-icmp-ping-zero-id' |
| panFlowDosPfIcmpfrag | .1.3.6.1.4.1.25461.2.1.2.1.19.8.40 | #Packets dropped:Zone protection option 'discard-icmp-frag' |
| panFlowDosPfIcmplpkt | .1.3.6.1.4.1.25461.2.1.2.1.19.8.41 | #Packets dropped:Zone protection option 'discard-icmp-large-packet' |
| panFlowDosPfIcmperr | .1.3.6.1.4.1.25461.2.1.2.1.19.8.42 | #Packets dropped:Zone protection option 'discard-icmp-error' |
| panFlowDosPfNoreplyttl | .1.3.6.1.4.1.25461.2.1.2.1.19.8.43 | #Packets dropped:Zone protection option 'suppress-icmp-timeexceeded' |
| panFlowDosPfNoreplyneedfrag | .1.3.6.1.4.1.25461.2.1.2.1.19.8.44 | #Packets dropped:Zone protection option 'suppress-icmp-needfrag' |
| panFlowDosPfStrictsource | .1.3.6.1.4.1.25461.2.1.2.1.19.8.45 | #Packets dropped:Zone protection option 'discard-strict-source-routing' |
| panFlowDosPfLoosesource | .1.3.6.1.4.1.25461.2.1.2.1.19.8.46 | #Packets dropped:Zone protection option 'discard-loose-source-routing' |
| panFlowDosPfTimestamp | .1.3.6.1.4.1.25461.2.1.2.1.19.8.47 | #Packets dropped:Zone protection option 'discard-timestamp' |
| panFlowDosPfRecordroute | .1.3.6.1.4.1.25461.2.1.2.1.19.8.48 | #Packets dropped:Zone protection option 'discard-record-route' |
| panFlowDosPfSecurity | .1.3.6.1.4.1.25461.2.1.2.1.19.8.49 | #Packets dropped:Zone protection option 'discard-security' |
| panFlowDosPfSatnetid | .1.3.6.1.4.1.25461.2.1.2.1.19.8.50 | #Packets dropped:Zone protection option 'discard-stream-id' |
| panFlowDosPfUnknown | .1.3.6.1.4.1.25461.2.1.2.1.19.8.51 | #Packets dropped:Zone protection option 'discard-unknown-option' |
| panFlowDosPfBadoption | .1.3.6.1.4.1.25461.2.1.2.1.19.8.52 | #Packets dropped:Zone protection option 'discard-malformed-option' |
| panFlowDosPfTcpoverlappingmismatch | .1.3.6.1.4.1.25461.2.1.2.1.19.8.53 | #Packets dropped:Zone protection option 'discard-overlapping-tcp-segment-mismatch' |
| panFlowDosPfStrictip | .1.3.6.1.4.1.25461.2.1.2.1.19.8.54 | #Packets dropped:Zone protection option 'strict-ip-check' |
| panFlowDosPfTcpsplithandshake | .1.3.6.1.4.1.25461.2.1.2.1.19.8.55 | #Packets dropped:Zone protection option 'discard-tcp-split-handshake' |
| panFlowDosPfTcpsyndata | .1.3.6.1.4.1.25461.2.1.2.1.19.8.56 | #Packets dropped:Zone protection option 'discard-tcp-syn-with-data' |
| panFlowDosPfTcpsynackdata | .1.3.6.1.4.1.25461.2.1.2.1.19.8.57 | #Packets dropped:Zone protection option 'discard-tcp-synack-with-data' |
| panFlowDosIp6Route0 | .1.3.6.1.4.1.25461.2.1.2.1.19.8.58 | #Packets dropped:Zone protection option 'routing-header-0' |
| panFlowDosIp6Route1 | .1.3.6.1.4.1.25461.2.1.2.1.19.8.59 | #Packets dropped:Zone protection option 'routing-header-1' |
| panFlowDosIp6Route3 | .1.3.6.1.4.1.25461.2.1.2.1.19.8.60 | #Packets dropped:Zone protection option 'routing-header-3' |
| panFlowDosIp6Route4to252 | .1.3.6.1.4.1.25461.2.1.2.1.19.8.61 | #Packets dropped:Zone protection option 'routing-header-4-252' |
| panFlowDosIp6Route253 | .1.3.6.1.4.1.25461.2.1.2.1.19.8.62 | #Packets dropped:Zone protection option 'routing-header-253' |
| panFlowDosIp6Route254 | .1.3.6.1.4.1.25461.2.1.2.1.19.8.63 | #Packets dropped:Zone protection option 'routing-header-254' |
| panFlowDosIp6Route255 | .1.3.6.1.4.1.25461.2.1.2.1.19.8.64 | #Packets dropped:Zone protection option 'routing-header-255' |
| panFlowDosIp6Ip4cmpt | .1.3.6.1.4.1.25461.2.1.2.1.19.8.65 | #Packets dropped:Zone protection option 'ipv4-compatible-address' |
| panFlowDosIp6Acast | .1.3.6.1.4.1.25461.2.1.2.1.19.8.66 | #Packets dropped:Zone protection option 'anycast-source' |
| panFlowDosIp6OptionsInvalidIPv6 | .1.3.6.1.4.1.25461.2.1.2.1.19.8.67 | #Packets dropped:Zone protection option 'options-invalid-ipv6-discard' |
| panFlowDosIp6Icmpv6ErrorInvalid | .1.3.6.1.4.1.25461.2.1.2.1.19.8.68 | #Packets dropped:Zone protection option 'icmpv6-too-big-small-mtu-discard' |
| panFlowDosIp6NeedlessIpv6FragHdr | .1.3.6.1.4.1.25461.2.1.2.1.19.8.69 | #Packets dropped:Zone protection option 'needless-fragment-hdr' |
| panFlowDosIp6RsvdSet | .1.3.6.1.4.1.25461.2.1.2.1.19.8.70 | #Packets dropped:Zone protection option 'reserved-field-set-discard' |
| panFlowDosIPv6ExtHdrHopByHop | .1.3.6.1.4.1.25461.2.1.2.1.19.8.71 | #Packets dropped:Zone protection option 'hop-by-hop-hdr' |
| panFlowDosip6IPv6ExtHdrRouting | .1.3.6.1.4.1.25461.2.1.2.1.19.8.72 | #Packets dropped:Zone protection option 'routing-hdr' |
| panFlowDosIp6IPv6ExtHdrDestOpt | .1.3.6.1.4.1.25461.2.1.2.1.19.8.73 | #Packets dropped:Zone protection option 'dest-option-hdr' |
| panFlowDosPbpDrop | .1.3.6.1.4.1.25461.2.1.2.1.19.8.74 | #Packets dropped:Dropped by packet buffer protection RED |
| panFlowDosCurrSessIncrFailed | .1.3.6.1.4.1.25461.2.1.2.1.19.8.75 | #Unable to increment current session count on session create |
| panFlowDosCurrSessDecrFailed | .1.3.6.1.4.1.25461.2.1.2.1.19.8.76 | #Unable to decrement current session count on session delete |
2. panGlobalCountersDropCounters | ||
| Name | OID | Description |
| panFlowFwdL3TtlZero | .1.3.6.1.4.1.25461.2.1.2.1.19.9.1 | #Packets dropped:IP TTL reaches zero |
| panFlowMeterHostThrottle | .1.3.6.1.4.1.25461.2.1.2.1.19.9.2 | Session metering:sessions throttled by management session threshold!@#Session metering:sessions throttled by management session threshold |
| panFlowHostServiceDeny | .1.3.6.1.4.1.25461.2.1.2.1.19.9.3 | #Device management session denied |
| panFlowHostServiceUnknown | .1.3.6.1.4.1.25461.2.1.2.1.19.9.4 | #Session discarded:unknown application to control plane |
| panPktAllocFailure | .1.3.6.1.4.1.25461.2.1.2.1.19.9.5 | #Packet allocation erro |
| panPktAllocFailureCos | .1.3.6.1.4.1.25461.2.1.2.1.19.9.6 | #Packet allocation error due to QoS control |
| panSessionDiscard | .1.3.6.1.4.1.25461.2.1.2.1.19.9.7 | #Session set to discard by security policy check |
3. panGlobalCountersIPFragmentationCounters | ||
| Name | OID | Description |
| panFlowIpfragFragErr | .1.3.6.1.4.1.25461.2.1.2.1.19.10.1 | #Packet dropped:IP fragmentation erro |
| panFlowIpfragRecv | .1.3.6.1.4.1.25461.2.1.2.1.19.10.2 | IP fragments received!@#IP fragments receive |
4. panGlobalCountersTCPState | ||
| Name | OID | Description |
| panTcpAllocWqeFailed | .1.3.6.1.4.1.25461.2.1.2.1.19.11.1 | #wqe allocation failure in tcp |
| panTcpDeny | .1.3.6.1.4.1.25461.2.1.2.1.19.11.2 | #session denied because of failure in tcp reassembl |
| panTcpDropOutOfWnd | .1.3.6.1.4.1.25461.2.1.2.1.19.11.3 | #out-of-window packets dropped |
| panTcpDropPacket | .1.3.6.1.4.1.25461.2.1.2.1.19.11.4 | #packets dropped because of failure in tcp reassembly |
| panFlowActionClose | .1.3.6.1.4.1.25461.2.1.2.1.19.11.5 | #TCP sessions closed via injecting RST |
| panFlowActionReset | .1.3.6.1.4.1.25461.2.1.2.1.19.11.6 | #TCP clients reset via responding RST |
| panFlowTcpNonSyn | .1.3.6.1.4.1.25461.2.1.2.1.19.11.7 | #Non-SYN TCP packets without session match |
| panTcpExceedSegLimit | .1.3.6.1.4.1.25461.2.1.2.1.19.11.8 | #packets dropped due to the limitation on global tcp out-of-order pack |