Network > Network Profiles > Zone Protection
End-of-Life (EoL)

A Zone Protection profile applied to a zone offers protection against most common floods, reconnaissance attacks, other packet-based attacks, the use of non-IP protocols, and headers with 802.1Q (Ethertype 0x8909) that have specific Security Group Tags (SGTs). A Zone Protection profile is designed to provide broad-based protection at the ingress zone (the zone where traffic enters the firewall) and is not designed to protect a specific end host or traffic going to a particular destination zone. You can attach one zone protection profile to a zone.
Apply a Zone Protection profile to each zone to layer in extra protection against IP floods, reconnaissance, packet-based attacks, and non-IP protocol attacks. Zone Protection on the firewall should be a second layer of protection after a dedicated DDoS device at the internet perimeter.
To augment zone protection capabilities on the firewall, configure a DoS Protection policy (Policies > DoS Protection) to match on a specific zone, interface, IP address, or user.
Zone protection is enforced only when there is no session match for the packet because zone protection is based on new connections per second (cps), not on packets per second (pps). If the packet matches an existing session, it will bypass the zone protection setting.
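The following added example is a simplified model of the behavior described above, not Palo Alto Networks code: it shows that a single high-pps flow counts as one new connection, while a small burst of distinct flows is what reaches the cps limit. The `max_cps` value, the one-second counting window, the zone name and the documentation-range addresses are assumptions made for the illustration.

```python
from collections import defaultdict


class ZoneModel:
    """Simplified model (assumption, not PAN-OS logic): per-zone new-connection check."""

    def __init__(self, max_cps):
        self.max_cps = max_cps               # constructed limit, new connections per second
        self.sessions = set()                # established flows, keyed by 5-tuple
        self.new_per_sec = defaultdict(int)  # (ingress zone, second) -> new connections seen

    def handle(self, ts, zone, flow):
        """Classify one packet as 'session-match', 'new-allowed' or 'new-dropped'."""
        if flow in self.sessions:
            # Packet matches an existing session: the zone check is bypassed.
            return "session-match"
        key = (zone, int(ts))
        self.new_per_sec[key] += 1
        if self.new_per_sec[key] > self.max_cps:
            return "new-dropped"
        self.sessions.add(flow)
        return "new-allowed"


def run(packets, max_cps):
    """Feed (timestamp, ingress_zone, flow) tuples through the model and tally outcomes."""
    model = ZoneModel(max_cps)
    counts = defaultdict(int)
    for ts, zone, flow in packets:
        counts[model.handle(ts, zone, flow)] += 1
    return dict(counts)


def sample_packets():
    """Constructed traffic, all inside second 0 on ingress zone 'untrust'."""
    pkts = []
    # One flow, 1000 packets: high pps but only 1 new connection.
    bulk = ("198.51.100.7", 40000, "203.0.113.10", 443, "tcp")
    pkts += [(i / 2000, "untrust", bulk) for i in range(1000)]
    # 20 distinct flows, one packet each: low pps but 20 new connections.
    for port in range(50000, 50020):
        flow = ("198.51.100.9", port, "203.0.113.10", 443, "tcp")
        pkts.append((0.6, "untrust", flow))
    return pkts


if __name__ == "__main__":
    print(run(sample_packets(), max_cps=10))
```

In this model the 999 follow-up packets of the bulk flow are never evaluated against the limit, which is why volume inside established sessions has to be handled by other controls such as the DoS Protection policy mentioned above.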
What are you looking for?
See:
How do I create a Zone Protection profile?