Configure Reconnaissance Protection
Focus
Focus

Configure Reconnaissance Protection

Table of Contents

Configure Reconnaissance Protection

Prevent attackers from probing your network for vulnerabilities by configuring reconnaissance protection for IP protocol scan, UDP and TCP scans, and host sweeps.
Malicious actors use various scanning techniques, including port scans (TCP and UDP), host sweeps, and IP protocol scans, to identify and exploit network vulnerabilities. To protect your network against these scans, configure the Reconnaissance Protection settings of a Zone Protection profile. For each scan type, you will specify an action and the conditions that trigger the action. For example, you can block subsequent packets from an untrusted source if the firewall detects 1000 IP protocol scan events from that source within 60 seconds.
The following actions are supported for each scan:
  • Allow—The firewall allows the port scan, host sweep, or IP protocol scan reconnaissance to continue.
  • (Default) Alert—The firewall generates an alert for each port scan, host sweep, or IP protocol scan that matches the configured threshold within the specified time interval.
  • Block—The firewall drops all subsequent packets from the source to the destination for the remainder of the specified time interval.
  • Block IP—The firewall drops all subsequent packets for the specified Duration, in seconds (the range is 1-3,600). Track By determines whether the firewall blocks source or source-and-destination traffic.