Document:PAN-OS® Web Interface Reference

Building Blocks of Zone Protection Profiles

To create a Zone Protection profile,

Add

a profile and name it.

Zone Protection Profile Settings	Configured In	Description
Name	Network Network Profiles Zone Protection	Enter a profile name (up to 31 characters). This name appears in the list of Zone Protection profiles when configuring zones. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, and underscores.
Description	Network Network Profiles Zone Protection	Enter an optional description for the Zone Protection profile.

Continue to create the Zone Protection profile by configuring any combination of settings based on what types of protection your zone needs:

Flood Protection

Reconnaissance Protection

Packet Based Attack Protection

Protocol Protection

If you have a multi virtual system environment, and have enabled the following:

External zones to enable inter virtual system communication

Shared gateways to allow virtual systems to share a common interface and a single IP address for external communications

the following Zone and DoS protection mechanisms will be disabled on the external zone:

SYN cookies

IP fragmentation

ICMPv6

To enable IP fragmentation and ICMPv6 protection for the shared gateway, you must create a separate Zone Protection profile for the shared gateway.

To protect against SYN floods on a shared gateway, you can apply a SYN Flood protection profile with either Random Early Drop or SYN cookies; on an external zone, only Random Early Drop is available for SYN Flood protection.

Document:PAN-OS® Web Interface Reference

Building Blocks of Zone Protection Profiles

Building Blocks of Zone Protection Profiles

Recommended For You

Recommended Videos