Hi Akeem, thank you for your comment ! The DoS protection in this video was set up on a Palo Alto Networks Firewall (VM-100). The recording was done using Camtasia. Cheers !
As I just started looking at this, whats the best way to monitor DoS related sessions? Would it show up under Traffic rule name and dropped or protected?
You would want to protect your internal assets from a dos attack. So the source of the attack would be coming from untrust and going to trust. This is assuming your untrust zone is the internet and your trust is the lan you are trying to protect.
@@brewst43 yet I've another doubt. What if a purpotrator sits inside the LAN (Trusted) and tries to malign things... In that case don't we have to apply Dos to that interface? Reply is appreciated.
@@ashokreddyb7867 you could set up another rule that has source zone and dest zone set as trust. This prevents systems in the lan from dosing each other. I wouldn't worry to much about that unless the users try to dos each other. If you want more detailed help, hit me up on Reddit. Add "user/HollowSavant" after the reddit.com portion without quotes. Hit chat on the right side under the picture. Currently configuring a pa200 for my home. Managed a 5k series at work.
when configure source zone why we do not have zone trust and why you have configure untrust zone from source
very good video, please do keep posting such contents
how to find offending IP's blocked by DOS policy ??
what is the difference when we configure DOS Protection and zone protection
Here you go: knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClW6CAK
If I apply dos protection for published service, which zone/ip address should be indicated for destination zone/ip. mapped ip or real public ip ?
All rules use pre-NAT IP addresses and post-NAT zones, so the DoS policy would have the public IP and the internal zone as destination
nice content. what tool did you use for setting this protection up in the video ?
Hi Akeem, thank you for your comment ! The DoS protection in this video was set up on a Palo Alto Networks Firewall (VM-100). The recording was done using Camtasia. Cheers !
As I just started looking at this, whats the best way to monitor DoS related sessions? Would it show up under Traffic rule name and dropped or protected?
You will need to look in the threat logs, as DoS events are attacks
@@PaloAltoNetworksLiveCommunity awesome. I'll work with default values and tweak as needed.
@@PaloAltoNetworksLiveCommunity Can we see log at Monitor > alarm when sessions are reach at alarm value ( default 10,000 CPS) ?
Kim Wens rocks.
Have you inadvertently chosen source as untrust or do we have to apply DoS on untrust?? or is your source zone name is Untrust?? Confusing....
You would want to protect your internal assets from a dos attack. So the source of the attack would be coming from untrust and going to trust. This is assuming your untrust zone is the internet and your trust is the lan you are trying to protect.
@@brewst43 thank you bro. This dispelled the doubt.
@@brewst43 yet I've another doubt. What if a purpotrator sits inside the LAN (Trusted) and tries to malign things... In that case don't we have to apply Dos to that interface? Reply is appreciated.
@@ashokreddyb7867 you could set up another rule that has source zone and dest zone set as trust. This prevents systems in the lan from dosing each other. I wouldn't worry to much about that unless the users try to dos each other. If you want more detailed help, hit me up on Reddit. Add "user/HollowSavant" after the reddit.com portion without quotes. Hit chat on the right side under the picture. Currently configuring a pa200 for my home. Managed a 5k series at work.
@@brewst43 Thank you bro for the replay again.
Why are Packet Protection and Zone Protection disabled by default?
because you need to define your own limit according to your traffic then enable it.
Nice IP grabber link XD!
Lol why old router doesn't have that rules 🤣