Warning

Device

System Resources

A ZPP incident is raised for a firewall zone and protocol when all of the following conditions are met: * The zone and protocol are configured in the Zone Protection Profile. * There is recent, non-zero traffic observed for the zone. * There is sufficient historical data (minimum one month lookback) to compute recommended thresholds. * The system computes recommended thresholds from historical daily maximum CPS values: Alarm Threshold = baseline value +10%, Activate Threshold = baseline value +20%, Maximum Threshold = Twice Activate Threshold. A minimum threshold floor of 1000 CPS is always enforced. * The currently configured thresholds (Alarm, Activate, or Maximum) fall outside the acceptable range of the system-recommended values.

A ZPP incident is cleared when any one of the following conditions occurs: * The customer updates the Zone Protection Profile thresholds for the zone (either to the system-recommended values or to custom values, whether more aggressive or more conservative). * The zone has no recent traffic or insufficient data, preventing reliable threshold evaluation. * The incident automatically closes after 90 days if no customer action is taken.