SNMP OIDs for Scan and Flood associated with Zone/DoS Protection

SNMP OIDs for Scan and Flood associated with Zone/DoS Protection

23121
Created On 04/24/20 17:00 PM - Last Modified 02/27/26 17:06 PM


Symptom


What-are-SNMP-OIDs-for-Scan-and-Flood-for-Zone-DoS-Protection

Environment


  • Palo Alto Firewalls.
  • PAN-OS 8.1 and above.
  • SNMP configured.

Resolution


Zone/DOS Protection related PAN-COMMON-MIB SNMP counters

 

1. panGlobalCountersDOSCounters

NameOIDDescription
panFlowDosAgMaxSessLimit.1.3.6.1.4.1.25461.2.1.2.1.19.8.1#Session limit reached for aggregate profile, drop session
panFlowDosBlkNumEntries.1.3.6.1.4.1.25461.2.1.2.1.19.8.2#entries in DOS block table
panFlowDosClMaxSessLimit.1.3.6.1.4.1.25461.2.1.2.1.19.8.3#Session limit reached for classified profile, drop session
panFlowDosClSyncookieAckErr.1.3.6.1.4.1.25461.2.1.2.1.19.8.4#TCP SYN cookies:Invalid ACKs received, classified profile
panFlowDosClSyncookieAckRcv.1.3.6.1.4.1.25461.2.1.2.1.19.8.5#TCP SYN cookies:ACKs to cookies received, classified profile
panFlowDosClSyncookieBlkDur.1.3.6.1.4.1.25461.2.1.2.1.19.8.6#Packets dropped:Flagged for blocking and under block duration for classified profile
panFlowDosClSyncookieMax.1.3.6.1.4.1.25461.2.1.2.1.19.8.7#Packet dropped:SYN cookies maximum threshold reached, classified profile
panFlowDosClSyncookieSent.1.3.6.1.4.1.25461.2.1.2.1.19.8.8#TCP SYN cookies:cookies sent, classified profile
panFlowMeterVsysThrottle.1.3.6.1.4.1.25461.2.1.2.1.19.8.9#Session metering:sessions throttled by vsys configuration
panFlowPolicyDeny.1.3.6.1.4.1.25461.2.1.2.1.19.8.10#Session setup:denied by policy
panFlowPolicyNat.1.3.6.1.4.1.25461.2.1.2.1.19.8.11#Session setup:source NAT IP/port allocation error
panFlowScanDrop.1.3.6.1.4.1.25461.2.1.2.1.19.8.12#Session setup:denied by scan detection
panFlowDosDropIpBlocked.1.3.6.1.4.1.25461.2.1.2.1.19.8.13#Packets dropped:Flagged for blocking and under block duration by other
panFlowDosRedIcmp.1.3.6.1.4.1.25461.2.1.2.1.19.8.14#Packets dropped:Zone protection protocol 'icmp' RED
panFlowDosRedIcmp6.1.3.6.1.4.1.25461.2.1.2.1.19.8.15#Packets dropped:Zone protection protocol 'icmpv6' RED
panFlowDosRedIp.1.3.6.1.4.1.25461.2.1.2.1.19.8.16#Packets dropped:Zone protection protocol 'other-ip' RED
panFlowDosRedTcp.1.3.6.1.4.1.25461.2.1.2.1.19.8.17#Packets dropped:Zone protection protocol 'tcp-syn' RED
panFlowDosRedUdp.1.3.6.1.4.1.25461.2.1.2.1.19.8.18#Packets dropped:Zone protection protocol 'udp' RED
panFlowDosRuleAgBlkDur.1.3.6.1.4.1.25461.2.1.2.1.19.8.19#Packets dropped:Flagged for blocking and under block duration for aggregate profile
panFlowDosRuleAgRedAct.1.3.6.1.4.1.25461.2.1.2.1.19.8.20#Packets dropped:Activate aggregate RED threshold reached, random early detection
panFlowDosRuleAgRedMax.1.3.6.1.4.1.25461.2.1.2.1.19.8.21#Packets dropped:Maximal aggregate RED threshold reached
panFlowDosRuleDeny.1.3.6.1.4.1.25461.2.1.2.1.19.8.22#Packets dropped:Denied action by DoS policy
panFlowDosRuleDrop.1.3.6.1.4.1.25461.2.1.2.1.19.8.23#Packets dropped:Rate limited or IP blocked
panFlowDosRuleDropAggr.1.3.6.1.4.1.25461.2.1.2.1.19.8.24#Packets dropped:due to aggregate rate limiting
panFlowDosRuleDropClBlkDur.1.3.6.1.4.1.25461.2.1.2.1.19.8.25#Packets dropped:Flagged for blocking and under block duration for classified profile
panFlowDosRuleDropClRedAct.1.3.6.1.4.1.25461.2.1.2.1.19.8.26#Packets dropped:Activate classified RED threshold reached, random early detection
panFlowDosRuleDropClRedMax.1.3.6.1.4.1.25461.2.1.2.1.19.8.27#Packets dropped:Maximal classified RED threshold reached
panFlowDosRuleDropClassified.1.3.6.1.4.1.25461.2.1.2.1.19.8.28#Packets dropped:due to classified rate limiting
panFlowDosSyncookieBlkDur.1.3.6.1.4.1.25461.2.1.2.1.19.8.29#Packets dropped:Flagged for blocking and under block duration for aggregate profile
panFlowDosSyncookieMax.1.3.6.1.4.1.25461.2.1.2.1.19.8.30#Packet dropped:SYN cookies maximum threshold reached, aggregate profile
panFlowDosZoneRedAct.1.3.6.1.4.1.25461.2.1.2.1.19.8.31#Packets dropped:Activate zone RED threshold reached, random early drop
panFlowDosZoneRedMax.1.3.6.1.4.1.25461.2.1.2.1.19.8.32#Packets dropped:Maximal zone RED threshold reached
panFlowDosBlkSwEntries.1.3.6.1.4.1.25461.2.1.2.1.19.8.33#entries in DOS Software block table
panFlowDosBlkHwEntries.1.3.6.1.4.1.25461.2.1.2.1.19.8.34#entries in DOS Hardware block table
panFlowDosSyncookieNotTcpSyn.1.3.6.1.4.1.25461.2.1.2.1.19.8.35#TCP SYN cookies:TCP SYN cookie not SYN
panFlowDosSyncookieNotTcpSynAck.1.3.6.1.4.1.25461.2.1.2.1.19.8.36#TCP SYN cookies:TCP SYN cookie not SYN-ACK
panFlowDosPfIpspoof.1.3.6.1.4.1.25461.2.1.2.1.19.8.37#Packets dropped:Zone protection option 'discard-ip-spoof'
panFlowDosPfIpfrag.1.3.6.1.4.1.25461.2.1.2.1.19.8.38#Packets dropped:Zone protection option 'discard-ip-frag'
panFlowDosPfPing0.1.3.6.1.4.1.25461.2.1.2.1.19.8.39#Packets dropped:Zone protection option 'discard-icmp-ping-zero-id'
panFlowDosPfIcmpfrag.1.3.6.1.4.1.25461.2.1.2.1.19.8.40#Packets dropped:Zone protection option 'discard-icmp-frag'
panFlowDosPfIcmplpkt.1.3.6.1.4.1.25461.2.1.2.1.19.8.41#Packets dropped:Zone protection option 'discard-icmp-large-packet'
panFlowDosPfIcmperr.1.3.6.1.4.1.25461.2.1.2.1.19.8.42#Packets dropped:Zone protection option 'discard-icmp-error'
panFlowDosPfNoreplyttl.1.3.6.1.4.1.25461.2.1.2.1.19.8.43#Packets dropped:Zone protection option 'suppress-icmp-timeexceeded'
panFlowDosPfNoreplyneedfrag.1.3.6.1.4.1.25461.2.1.2.1.19.8.44#Packets dropped:Zone protection option 'suppress-icmp-needfrag'
panFlowDosPfStrictsource.1.3.6.1.4.1.25461.2.1.2.1.19.8.45#Packets dropped:Zone protection option 'discard-strict-source-routing'
panFlowDosPfLoosesource.1.3.6.1.4.1.25461.2.1.2.1.19.8.46#Packets dropped:Zone protection option 'discard-loose-source-routing'
panFlowDosPfTimestamp.1.3.6.1.4.1.25461.2.1.2.1.19.8.47#Packets dropped:Zone protection option 'discard-timestamp'
panFlowDosPfRecordroute.1.3.6.1.4.1.25461.2.1.2.1.19.8.48#Packets dropped:Zone protection option 'discard-record-route'
panFlowDosPfSecurity.1.3.6.1.4.1.25461.2.1.2.1.19.8.49#Packets dropped:Zone protection option 'discard-security'
panFlowDosPfSatnetid.1.3.6.1.4.1.25461.2.1.2.1.19.8.50#Packets dropped:Zone protection option 'discard-stream-id'
panFlowDosPfUnknown.1.3.6.1.4.1.25461.2.1.2.1.19.8.51#Packets dropped:Zone protection option 'discard-unknown-option'
panFlowDosPfBadoption.1.3.6.1.4.1.25461.2.1.2.1.19.8.52#Packets dropped:Zone protection option 'discard-malformed-option'
panFlowDosPfTcpoverlappingmismatch.1.3.6.1.4.1.25461.2.1.2.1.19.8.53#Packets dropped:Zone protection option 'discard-overlapping-tcp-segment-mismatch'
panFlowDosPfStrictip.1.3.6.1.4.1.25461.2.1.2.1.19.8.54#Packets dropped:Zone protection option 'strict-ip-check'
panFlowDosPfTcpsplithandshake.1.3.6.1.4.1.25461.2.1.2.1.19.8.55#Packets dropped:Zone protection option 'discard-tcp-split-handshake'
panFlowDosPfTcpsyndata.1.3.6.1.4.1.25461.2.1.2.1.19.8.56#Packets dropped:Zone protection option 'discard-tcp-syn-with-data'
panFlowDosPfTcpsynackdata.1.3.6.1.4.1.25461.2.1.2.1.19.8.57#Packets dropped:Zone protection option 'discard-tcp-synack-with-data'
panFlowDosIp6Route0.1.3.6.1.4.1.25461.2.1.2.1.19.8.58#Packets dropped:Zone protection option 'routing-header-0'
panFlowDosIp6Route1.1.3.6.1.4.1.25461.2.1.2.1.19.8.59#Packets dropped:Zone protection option 'routing-header-1'
panFlowDosIp6Route3.1.3.6.1.4.1.25461.2.1.2.1.19.8.60#Packets dropped:Zone protection option 'routing-header-3'
panFlowDosIp6Route4to252.1.3.6.1.4.1.25461.2.1.2.1.19.8.61#Packets dropped:Zone protection option 'routing-header-4-252'
panFlowDosIp6Route253.1.3.6.1.4.1.25461.2.1.2.1.19.8.62#Packets dropped:Zone protection option 'routing-header-253'
panFlowDosIp6Route254.1.3.6.1.4.1.25461.2.1.2.1.19.8.63#Packets dropped:Zone protection option 'routing-header-254'
panFlowDosIp6Route255.1.3.6.1.4.1.25461.2.1.2.1.19.8.64#Packets dropped:Zone protection option 'routing-header-255'
panFlowDosIp6Ip4cmpt.1.3.6.1.4.1.25461.2.1.2.1.19.8.65#Packets dropped:Zone protection option 'ipv4-compatible-address'
panFlowDosIp6Acast.1.3.6.1.4.1.25461.2.1.2.1.19.8.66#Packets dropped:Zone protection option 'anycast-source'
panFlowDosIp6OptionsInvalidIPv6.1.3.6.1.4.1.25461.2.1.2.1.19.8.67#Packets dropped:Zone protection option 'options-invalid-ipv6-discard'
panFlowDosIp6Icmpv6ErrorInvalid.1.3.6.1.4.1.25461.2.1.2.1.19.8.68#Packets dropped:Zone protection option 'icmpv6-too-big-small-mtu-discard'
panFlowDosIp6NeedlessIpv6FragHdr.1.3.6.1.4.1.25461.2.1.2.1.19.8.69#Packets dropped:Zone protection option 'needless-fragment-hdr'
panFlowDosIp6RsvdSet.1.3.6.1.4.1.25461.2.1.2.1.19.8.70#Packets dropped:Zone protection option 'reserved-field-set-discard'
panFlowDosIPv6ExtHdrHopByHop.1.3.6.1.4.1.25461.2.1.2.1.19.8.71#Packets dropped:Zone protection option 'hop-by-hop-hdr'
panFlowDosip6IPv6ExtHdrRouting.1.3.6.1.4.1.25461.2.1.2.1.19.8.72#Packets dropped:Zone protection option 'routing-hdr'
panFlowDosIp6IPv6ExtHdrDestOpt.1.3.6.1.4.1.25461.2.1.2.1.19.8.73#Packets dropped:Zone protection option 'dest-option-hdr'
panFlowDosPbpDrop.1.3.6.1.4.1.25461.2.1.2.1.19.8.74#Packets dropped:Dropped by packet buffer protection RED
panFlowDosCurrSessIncrFailed.1.3.6.1.4.1.25461.2.1.2.1.19.8.75#Unable to increment current session count on session create
panFlowDosCurrSessDecrFailed.1.3.6.1.4.1.25461.2.1.2.1.19.8.76#Unable to decrement current session count on session delete

2. panGlobalCountersDropCounters

NameOIDDescription
panFlowFwdL3TtlZero.1.3.6.1.4.1.25461.2.1.2.1.19.9.1#Packets dropped:IP TTL reaches zero
panFlowMeterHostThrottle.1.3.6.1.4.1.25461.2.1.2.1.19.9.2Session metering:sessions throttled by management session threshold!@#Session metering:sessions throttled by management session threshold
panFlowHostServiceDeny.1.3.6.1.4.1.25461.2.1.2.1.19.9.3#Device management session denied
panFlowHostServiceUnknown.1.3.6.1.4.1.25461.2.1.2.1.19.9.4#Session discarded:unknown application to control plane
panPktAllocFailure.1.3.6.1.4.1.25461.2.1.2.1.19.9.5#Packet allocation erro
panPktAllocFailureCos.1.3.6.1.4.1.25461.2.1.2.1.19.9.6#Packet allocation error due to QoS control
panSessionDiscard.1.3.6.1.4.1.25461.2.1.2.1.19.9.7#Session set to discard by security policy check

3. panGlobalCountersIPFragmentationCounters

NameOIDDescription
panFlowIpfragFragErr.1.3.6.1.4.1.25461.2.1.2.1.19.10.1#Packet dropped:IP fragmentation erro
panFlowIpfragRecv.1.3.6.1.4.1.25461.2.1.2.1.19.10.2IP fragments received!@#IP fragments receive

4. panGlobalCountersTCPState

NameOIDDescription
panTcpAllocWqeFailed.1.3.6.1.4.1.25461.2.1.2.1.19.11.1#wqe allocation failure in tcp
panTcpDeny.1.3.6.1.4.1.25461.2.1.2.1.19.11.2#session denied because of failure in tcp reassembl
panTcpDropOutOfWnd.1.3.6.1.4.1.25461.2.1.2.1.19.11.3#out-of-window packets dropped
panTcpDropPacket.1.3.6.1.4.1.25461.2.1.2.1.19.11.4#packets dropped because of failure in tcp reassembly
panFlowActionClose.1.3.6.1.4.1.25461.2.1.2.1.19.11.5#TCP sessions closed via injecting RST
panFlowActionReset.1.3.6.1.4.1.25461.2.1.2.1.19.11.6#TCP clients reset via responding RST
panFlowTcpNonSyn.1.3.6.1.4.1.25461.2.1.2.1.19.11.7#Non-SYN TCP packets without session match
panTcpExceedSegLimit.1.3.6.1.4.1.25461.2.1.2.1.19.11.8#packets dropped due to the limitation on global tcp out-of-order pack

5. Chassis Sessions

NameOID

Description

panSessionActive.0

.1.3.6.1.4.1.25461.2.1.2.3.3.0

Total Active Sessions

panSessionActiveTcp.0

.1.3.6.1.4.1.25461.2.1.2.3.4.0Active TCP Sessions

panSessionActiveUdp.0

.1.3.6.1.4.1.25461.2.1.2.3.5.0Active UDP Sessions

panSessionActiveICMP.0

.1.3.6.1.4.1.25461.2.1.2.3.6.0Active ICMP Sessions

 

Additional Information


Supported MIBs

Enterprise SNMP MIB Files
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPnBCAW&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language