What measurements should you take to baseline the average
and peak CPS so you can set reasonable flood thresholds?
Measure average and peak CPS traffic over the course
of at least five business days or until you’re confident that the measurements
reflect the network’s typical traffic patterns; the longer the measurement
period, the more accurate the measurements. Take into account special
events, quarterly events, and annual events that may spike the number
of CPS you need to support. You may need to adjust Zone Protection
profiles and schedule adjusted DoS Protection policy rules to accommodate
these types of events if your firewalls have the capacity to handle
the extra traffic. Take the following baseline measurements:
- For Zone Protection profiles, measure the average and
  peak CPS ingressing each zone.
- For aggregate DoS Protection profiles, measure the combined
  average and peak CPS for each group of devices you want to protect.
- For classified DoS Protection profiles, measure the average
  and peak CPS of the individual devices you want to protect.
Also understand the capacity of your firewalls and how other
resource-consuming features such as decryption affect the number of
connections each firewall can control. As a general rule, the closer
a firewall is to the perimeter, the greater its capacity needs to be
because it handles more traffic. The datasheet for each firewall
model includes the total new sessions per second (CPS) the firewall supports,
and the Firewall Comparison Tool enables
you to compare the CPS (and other metrics) of different firewall models.
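
As an added example (not from the original page or from the vendor), the following Python computes the three baseline measurements listed above from one record per new session. The CSV column names, the sample rows, and the WEB_SERVERS group are constructed assumptions, not a firewall export format.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: one row per new session. Column names are assumptions.
SAMPLE = """\
start,zone,dst
2024-03-04T09:00:00,untrust,10.1.1.10
2024-03-04T09:00:00,untrust,10.1.1.10
2024-03-04T09:00:00,untrust,10.1.1.11
2024-03-04T09:00:01,untrust,10.1.1.10
2024-03-04T09:00:01,trust,10.2.2.20
2024-03-04T09:00:03,untrust,10.1.1.11
2024-03-04T09:00:03,untrust,10.1.1.11
2024-03-04T09:00:03,trust,10.2.2.20
"""
WEB_SERVERS = {"10.1.1.10", "10.1.1.11"}  # hypothetical group of protected devices

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def cps_baseline(rows, key):
    """Return {group: (average_cps, peak_cps)}; key(row) gives the group, or None to skip."""
    per_second = defaultdict(Counter)  # group -> {second: new connections}
    seen = []
    for row in rows:
        second = datetime.fromisoformat(row["start"]).replace(microsecond=0)
        seen.append(second)
        group = key(row)
        if group is not None:
            per_second[group][second] += 1
    if not seen:
        return {}
    # Idle seconds inside the measurement window still count toward the average.
    window = int((max(seen) - min(seen)).total_seconds()) + 1
    return {g: (sum(c.values()) / window, max(c.values())) for g, c in per_second.items()}

def zone_baseline(rows):  # Zone Protection: CPS ingressing each zone
    return cps_baseline(rows, lambda r: r["zone"])

def aggregate_baseline(rows, devices):  # aggregate DoS profile: combined CPS of the group
    return cps_baseline(rows, lambda r: "group" if r["dst"] in devices else None)

def classified_baseline(rows, devices):  # classified DoS profile: CPS per device
    return cps_baseline(rows, lambda r: r["dst"] if r["dst"] in devices else None)

if __name__ == "__main__":
    rows = load(SAMPLE)
    print(zone_baseline(rows), aggregate_baseline(rows, WEB_SERVERS),
          classified_baseline(rows, WEB_SERVERS), sep="\n")
```

For a real baseline, feed it records covering the full measurement period rather than this four-second sample.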