Hello Team,
I must share a little secret with you today. I have written about Zone Protection in the past and how applying a Zone Protection profile can help against DDoS attacks. We also have DoS profiles, which are meant to protect a single server or object and add more protection in conjunction with our Zone Protection profiles.
What happens if we misconfigure our settings by setting them too high and allow a DoS attack to get in? How will we know if we are under attack? Those are great questions to ask, so I will share my little secret with you.
By default, Palo Alto has decided to not have “Log Export
and Reporting” enabled.
Image from: Technical Documentation Portal © 2007-2017 Palo Alto Networks, Inc.
With that said, let's go enable the setting to protect us from a crashing firewall.
Go to:
Device > Setup > Management > Logging and Reporting Settings > Log Export and Reporting.
Enable “Enable Log on High DP Load”.
DoS and DDoS attacks can drive up your CPU utilization while you’re under attack, causing your device to reduce service access while at 100% CPU utilization. You want to have logs of the incident to be able to investigate and correct your vulnerabilities. Now we can monitor the system logs for the event and hope it never happens.
System Logs:
o Type: General
o Severity: informational
o Event: General
o Description: Dataplane under severe load.
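One way to watch for this entry once the system log is forwarded to a syslog collector, as an added example (not from the original post or from Palo Alto Networks): it flags firewalls that log the high-load event repeatedly within a short window. The comma-separated field positions, the description wording, the thresholds and the sample lines are assumptions; check them against the syslog field reference for your PAN-OS release.

```python
import csv
import re
from datetime import datetime, timedelta

# Assumed 0-based field positions in the comma-separated System log payload.
RECV, SERIAL, TYPE, SUBTYPE, EVENTID, DESC = 1, 2, 3, 4, 8, 14
# Tolerant match on the description text (exact wording is an assumption).
DP_LOAD = re.compile(r"datapl\w*\s+under\s+\w+\s+load", re.I)

def dp_load_events(lines):
    """Yield (serial, receive_time) for each high-DP-load system log entry."""
    for row in csv.reader(lines):
        if len(row) <= DESC or row[TYPE] != "SYSTEM":
            continue
        if (row[SUBTYPE] == "general" and row[EVENTID] == "general"
                and DP_LOAD.search(row[DESC])):
            yield row[SERIAL], datetime.strptime(row[RECV], "%Y/%m/%d %H:%M:%S")

def sustained_load(lines, min_events=3, window=timedelta(minutes=5)):
    """Return {serial: (first, last, count)} for firewalls that logged at
    least min_events high-load entries inside one sliding window."""
    by_fw = {}
    for serial, ts in dp_load_events(lines):
        by_fw.setdefault(serial, []).append(ts)
    alerts = {}
    for serial, times in by_fw.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # shrink window from the left
                start += 1
            count = end - start + 1
            if count >= min_events and count > alerts.get(serial, (0, 0, 0))[2]:
                alerts[serial] = (times[start], ts, count)
    return alerts

def _line(serial, t, desc):
    # Builds one constructed log line in the assumed field order.
    return (f'1,2024/05/01 {t},{serial},SYSTEM,general,0,2024/05/01 {t},,'
            f'general,,0,0,general,informational,"{desc}",0,0x0')

LOAD = "Dataplane under severe load"
# Constructed sample input (not real logs); FW-A and FW-B are placeholders.
SAMPLE = [_line("FW-A", "10:00:05", LOAD), _line("FW-A", "10:01:10", LOAD),
          _line("FW-B", "10:01:30", "Constructed unrelated entry"),
          _line("FW-A", "10:02:30", LOAD), _line("FW-B", "10:03:00", LOAD),
          _line("FW-A", "10:09:00", LOAD)]

if __name__ == "__main__":
    for fw, (first, last, n) in sustained_load(SAMPLE).items():
        print(f"{fw}: {n} high-DP-load entries between {first} and {last}")
```

A single entry can be a momentary spike; repeated entries in one window are the case worth paging on.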
Thank you,
AzNetAdmin