Cloud Management
Focus
Focus

Cloud Management

Table of Contents


Cloud Management

Configure reconnaissance protection for IP protocol scan, UDP and TCP scans, and host sweeps on Strata Cloud Manager.
You can configure protection against IP protocol scan, UDP or TCP scans, or host sweeps for next-generation firewalls managed with Strata Cloud Manager.
  1. Configure Reconnaissance Protection.
    1. Select ManageConfigurationNGFW and Prisma Access Device SettingsZones.
    2. Select or Add a Zone.
      If you add a zone:
      • Enter a Name for the zone.
      • Select an Interface Type.
      • Add or Remove Interfaces.
    3. Select or Create a New Zone Protection Profile.
      If you add a new Zone Protection profile:
      • Enter a Name for the profile.
      • (Optional) Add a profile description.
      • Configure Flood, Packet Based Attack, Protocol, or EthernetSGT settings.
    4. Select Reconnaissance and under Items, Enable the scan types to protect against.
    5. For each scan, select an Action.
      If you select Block-IP, you must also configure the Track-By (source or source-and-destination) and Duration options.
    6. For each scan, specify an Interval (Sec).
      This option defines the time interval, in seconds, for detection of the given scan type.
    7. For each scan, specify a Threshold (Events).
      The threshold defines the number of events that must be detected within the specified interval before the specified action triggers.
    8. (Optional) Configure the Source Address Exclusion List.
      Source Address Exclusions are IP addresses that you want to exclude from reconnaissance protection. You can specify up to 20 IP addresses or netmask address objects.
      1. Click Add to create a new entry.
      2. Enter a descriptive Name for the address.
      3. Select an Address Type.
      4. Specify one or more IP Address(es).
    9. Click Add to save the Zone Protection profile.
  2. Save the Zone.
  3. Push Config.