PA ZONE PROTECTION PROFILE & Sub Interface

Network > Network Profiles > Zone Protection

Tcp SYN Cookies : It is a technique used to resist SYN flood attacks.

An SYN flood attack is a type of denial-of-service attack during which an attacker initiates a TCP connection with an SYN request to a server from lots of different ips and does not respond to SYN+ACK from the server.

As there is a limit on the number of ‘half-open’ TCP connections. The server won't accept any new connections. This will make system unresponsive to legitimate traffic.

In Reconnaissance is used by attacker to gather all possible information about the target before launching an actual attack.

Now Go To Zone Where you would like to apply this profile.

Sub-Interfaces

Let's make interface eth1/4 as subinterface for vlan 3 , vlan 6 and vlan 9

Step 1 : Change interface type of ethernet1/4 as "Layer3".

Here on Parent interface no need to assign virtual router / Zone / ip address

Step 2 : Select ethernet1/4 and click add subinterface from bottom left.

Tag = vlan number

Assign ip address , virtual router and zone

Similarly