Summary:
1. Zone Protection
1.1 What is it, why do we need it?
1.2 Zone protection profile
1.3 Apply zone protection profile to a zone
2. DoS Protection
2.1 DoS Protection profile
2.2 Apply DoS protection profile to a DoS policy (not security policy)
Differences:
Zone Protection:
- Apply on a zone for aggregate traffic (meaning all traffic)
- Focus on the attack at firewall
DoS Protection:
- Apply DoS profile to a DoS Policy particular traffic (more granular than zone protection)
- Focus on the attach that is trying to go through firewall
Details:
1.1 What is Zone Protection used for?
- Flood Protection
- Reconnaissance Protection
- Packet Based Attack Protection
1.2 Create a Zone Protection Profile
1.3 Apply Zone Protection Profile to Outside zone
-
Test:
Note: my zone protection is enabled on the outside zone, but I was initiating a large ping from inside. The zone protection would not block large ping from inside out, but it should block echo reply packets larger than what I defined in icmp protection profile 1024. Yes, 1000 is < 1024, but with icmp headers overhead, returning echo reply for 1000 is > 1024 and it's why it's blocked.
2.1 Create a DoS protection profile
Note, "Aggregate" means to apply to all traffic, but the "all" within the DoS protection is within the scope of a security policy only (not to a zone).
2.2 Create a DoS Policy and attach DoS profile
