Summary:

1. Zone Protection

    1.1 What is it, why do we need it?

    1.2 Zone protection profile

    1.3 Apply zone protection profile to a zone

2. DoS Protection

    2.1 DoS Protection profile

    2.2 Apply DoS protection profile to a DoS policy (not security policy)

 

Differences:

Zone Protection:

- Apply on a zone for aggregate traffic (meaning all traffic)

- Focus on attacks at the firewall

DoS Protection:

- Apply a DoS profile to a DoS policy for particular traffic (more granular than zone protection)

- Focus on attacks that are trying to go through the firewall

Details:

1.1 What is Zone Protection used for?

- Flood Protection

- Reconnaissance Protection

- Packet Based Attack Protection

1.2 Create a Zone Protection Profile

1.3 Apply Zone Protection Profile to Outside zone

  • Test:

Note: my zone protection is enabled on the outside zone, but I was initiating a large ping from inside. Zone protection would not block a large ping from inside out, but it should block echo reply packets larger than what I defined in the ICMP protection profile (1024). Yes, 1000 is < 1024, but with ICMP header overhead, the returning echo reply for 1000 is > 1024, which is why it's blocked.

2.1 Create a DoS protection profile

Note: "Aggregate" means to apply to all traffic, but the "all" within DoS protection is within the scope of a security policy only (not a zone).

2.2 Create a DoS Policy and attach DoS profile