PAN-OS

1. Configure Reconnaissance Protection.

   1. Select NetworkNetwork ProfilesZone Protection.
   2. Select a Zone Protection profile, or Add a new profile and enter a Name for it.
   3. On the Reconnaissance Protection tab, select the scan types to protect against.
   4. Select an Action for each scan.

      If you select Block IP, you must also configure the Track By (source or source-and-destination) and Duration options.
   5. Set the Interval in seconds. This option defines the time interval for port scan, host sweep, and IP protocol scan detection.
   6. Set the Threshold for reconnaissance events. The threshold defines the number of port scan, host sweep, or IP protocol scan events that need to occur within the specified time interval to trigger an action.
   7. (Optional) Configure a Source Address Exclusion.

      Source Address Exclusions are IP addresses that you want to exclude from reconnaissance protection. You can specify up to 20 IP addresses or netmask address objects.

      Exclude only IP addresses for trusted internal groups that perform vulnerability testing.

      1. Add the address you want to exclude.
      2. Enter a descriptive Name for the address.
      3. For Address Type, select either IPv4 or IPv6, and then select an address object or enter one manually.
      4. Click OK.
   8. Click OK to save the Zone Protection profile.
   9. Commit your changes.
2. Apply the Zone Protection profile to the appropriate zones, including zones that connect to the internet.