Zone Protection profile - Flood Detection

Created On 04/13/22 20:52 PM - Last Modified 08/23/23 22:32 PM


Symptom


Strata Cloud Manager alert regarding a flood of packets received by the firewall.

Environment


  • PAN-OS


Cause


Strata Cloud Manager has detected that the firewall is receiving a flood of traffic on one of its zones.



    Resolution


    To address this alert:
    1. Using the connections per second (CPS) value, the identified ingress zone and the type of traffic flood shown by Strata Cloud Manager under the Alert view:
      1. Apply more restrictive security policies to the identified type of traffic sourced from that zone.
      2. Adjust the flood thresholds of the Zone Protection profile attached to the identified zone, using the recommended values provided by Strata Cloud Manager.
      3. Create a DoS Protection policy for traffic sourced from the identified network and zone.
    2. For further help in identifying the source, type and target of the traffic flood, refer to:
      1. How to troubleshoot DoS attacks, which uses the following CLI commands:
        show session info
        show session all filter min-kb <value>
        show session all filter count yes
        show running resource-monitor
        show running resource-monitor ingress-backlogs
        together with the traffic logs (Monitor > Logs > Traffic) and the ACC tab.
    3. For further help with mitigation of the traffic flood at the firewall, refer to:
      1. How to Configure DoS Protection Against Flooding of New Sessions, steps 2, 3 and 4, where a DoS Protection policy is applied with action "Protect" and address matching set to "source-ip-only" or "src-dest-ip-both".
      2. How to configure Flood Protection under Network > Network Profiles > Zone Protection > Zone Protection Profile > Flood Protection, and apply the profile to the ingress zone of the traffic flood.
      3. How to apply Packet Buffer Protection to prevent the traffic flood from consuming firewall resources: globally under Device > Setup > Session Settings, and per zone under Network > Zones.
    4. See DoS and Zone Protection Best Practices for more details.
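    The identification step above (top sources, peak session rate for the ingress zone, targets of the top source) is what you would read off the ACC or the Traffic logs. The following Python script is an added example, not part of this article or of Palo Alto Networks' tooling: it runs the same ranking offline over constructed records. The record layout (time, src_zone, src_ip, dst_ip, dst_port, proto) is a simplified assumption; a real PAN-OS traffic-log CSV export has many more columns, so map the exported column names onto these keys when reading a real file.

```python
"""Rank flood sources and targets from traffic-log records.

Added example (not from the KB article or Palo Alto Networks). It works on
a constructed, simplified record layout; a real PAN-OS traffic-log CSV
export carries many more columns, so map the exported column names onto
the keys used here when reading a real file.
"""
from collections import Counter


def build_sample_records():
    """Constructed sample: three seconds of session-start records."""
    recs = []
    # One untrust host opening 30 sessions to the same web server in 3 s.
    for i in range(30):
        recs.append({"time": "2024-01-01T10:00:0%d" % (i // 10),
                     "src_zone": "untrust", "src_ip": "203.0.113.10",
                     "dst_ip": "198.51.100.5", "dst_port": "443", "proto": "tcp"})
    # A second untrust host with a handful of sessions in the middle second.
    for _ in range(5):
        recs.append({"time": "2024-01-01T10:00:01",
                     "src_zone": "untrust", "src_ip": "203.0.113.20",
                     "dst_ip": "198.51.100.5", "dst_port": "80", "proto": "tcp"})
    # Background traffic from the trust zone.
    for _ in range(2):
        recs.append({"time": "2024-01-01T10:00:02",
                     "src_zone": "trust", "src_ip": "192.0.2.7",
                     "dst_ip": "198.51.100.9", "dst_port": "53", "proto": "udp"})
    return recs


def top_sources(records, zone=None, n=3):
    """Sessions per (source zone, source IP), optionally for one zone only."""
    counts = Counter()
    for r in records:
        if zone is not None and r["src_zone"] != zone:
            continue
        counts[(r["src_zone"], r["src_ip"])] += 1
    return counts.most_common(n)


def peak_sessions_per_second(records, zone):
    """Highest number of session starts in any one second for a zone.

    Compare this with the CPS reported in the alert and with the zone's
    normal baseline before changing flood thresholds.
    """
    per_second = Counter(r["time"] for r in records if r["src_zone"] == zone)
    if not per_second:
        return (0, None)
    when, count = max(per_second.items(), key=lambda kv: kv[1])
    return (count, when)


def top_targets(records, src_ip, n=3):
    """Destination IP/port pairs hit by one source, most frequent first."""
    counts = Counter((r["dst_ip"], r["dst_port"])
                     for r in records if r["src_ip"] == src_ip)
    return counts.most_common(n)


if __name__ == "__main__":
    recs = build_sample_records()
    print("top untrust sources:", top_sources(recs, zone="untrust"))
    print("peak untrust sessions/s:", peak_sessions_per_second(recs, "untrust"))
    print("targets of 203.0.113.10:", top_targets(recs, "203.0.113.10"))
```

    On the constructed data the single host 203.0.113.10 accounts for 30 of the 35 untrust sessions and the zone peaks at 15 session starts in one second, which is the kind of result that points you at a source-IP-only DoS Protection policy rather than a zone-wide threshold change.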


    Additional Information


    If the device is not sending telemetry data to the Strata Cloud Manager instance, you can instead take baseline CPS measurements manually to set the flood thresholds. See:
    • Defending from DoS and volumetric DDoS attacks.
    • High on-chip descriptor and packet buffer usage due to policy deny resulting in traffic latency and drops, under Resolution > Mitigation, steps 3 and 4 and caveats.
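    The manual baseline approach above, and the "adjust the flood thresholds" step in the Resolution, both come down to turning a series of per-zone CPS samples into an Alarm Rate, Activate Rate and Maximum Rate for the Zone Protection profile. The Python script below is an added example, not part of this article or of Palo Alto Networks' guidance: the samples are constructed, and the percentile used as the baseline, the head-room factors and the capacity fraction are illustrative assumptions to be tuned per zone. The CLI line produced by cli_command() is assumed syntax written from memory and must be checked against the PAN-OS CLI reference before use.

```python
"""Derive Zone Protection flood thresholds from baseline CPS samples.

Added example (not from the KB article or Palo Alto Networks). The
samples, the percentile used as the baseline and the head-room factors
are assumptions chosen for illustration, not vendor recommendations; the
CLI syntax in cli_command() is assumed and should be checked against the
PAN-OS CLI reference before use.
"""
import math


def build_sample_cps():
    """Constructed baseline: 21 per-zone CPS samples with one short spike."""
    return [100] * 10 + [150] * 6 + [300] * 4 + [900]


def percentile(values, p):
    """Nearest-rank percentile (p in 0..100) of a non-empty list."""
    if not values:
        raise ValueError("no samples")
    ordered = sorted(values)
    rank = max(1, math.ceil(p / 100.0 * len(ordered)))
    return ordered[rank - 1]


def derive_flood_thresholds(samples, capacity_cps, baseline_pct=95,
                            alarm_factor=1.2, activate_factor=1.5,
                            max_fraction=0.8):
    """Return alarm/activate/maximum rates for one flood type.

    baseline : the baseline_pct percentile of the samples, so a rare
               spike (900 in the sample) does not inflate the thresholds.
    alarm    : baseline * alarm_factor; the firewall only logs at this rate.
    activate : baseline * activate_factor; RED / SYN cookies start here.
    maximum  : a fraction of the platform's new-session capacity
               (capacity_cps is an assumption you supply per model).
    The factors are illustrative assumptions; tune them per zone.
    """
    baseline = percentile(samples, baseline_pct)
    # round() guards against float noise such as 359.9999 before ceil()
    alarm = math.ceil(round(baseline * alarm_factor, 6))
    activate = math.ceil(round(baseline * activate_factor, 6))
    maximal = int(capacity_cps * max_fraction)
    if not alarm <= activate <= maximal:
        raise ValueError("thresholds must satisfy alarm <= activate <= maximum: "
                         f"{alarm}, {activate}, {maximal}")
    return {"alarm_rate": alarm, "activate_rate": activate, "maximal_rate": maximal}


def cli_command(profile, flood_type, action, thresholds):
    """Assumed PAN-OS CLI line for the profile; verify against the CLI reference.

    flood_type is e.g. tcp-syn, udp, icmp; action is e.g. red or syn-cookies.
    """
    return (f"set network profiles zone-protection-profile {profile} "
            f"flood {flood_type} {action} "
            f"alarm-rate {thresholds['alarm_rate']} "
            f"activate-rate {thresholds['activate_rate']} "
            f"maximal-rate {thresholds['maximal_rate']}")


if __name__ == "__main__":
    t = derive_flood_thresholds(build_sample_cps(), capacity_cps=10000)
    print(t)
    print(cli_command("ZPP-untrust", "tcp-syn", "syn-cookies", t))
```

    With the constructed samples the 95th-percentile baseline is 300 CPS, giving an Alarm Rate of 360, an Activate Rate of 450 and a Maximum Rate of 8000 for an assumed 10000 CPS platform; the function refuses to emit thresholds where the activate rate would exceed the maximum, which is the misconfiguration that silently makes the activate stage unreachable.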


      https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004O5TCAU&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail