Learn how to configure reconnaissance protection to prevent
attackers from probing your network for vulnerabilities.
Configure one of the following Reconnaissance Protection actions for the firewall to take in response to the corresponding reconnaissance attempt:
Allow—The firewall allows the port scan or host sweep reconnaissance to continue.
Alert—The firewall generates an alert for each port scan or host sweep that matches the configured threshold within the specified time interval. Alert is the default action.
Block—The firewall drops all subsequent packets from the source to the destination for the remainder of the specified time interval.
Block IP—The firewall drops all subsequent packets for the specified Duration, in seconds (the range is 1-3,600). Track By determines whether the firewall blocks source or source-and-destination traffic.
Configure Reconnaissance Protection.
Select Network > Network Profiles > Zone Protection.
Select a Zone Protection profile or Add a new profile and enter a Name for it.
On the Reconnaissance Protection tab, select the scan types to protect against.
Select an Action for each scan. If you select Block IP, you must also configure Track By (source or source-and-destination) and Duration.
Set the Interval in seconds. This option defines the time interval for port scan and host sweep detection.
Set the Threshold. The threshold defines the number of port scan events or host sweeps that must occur within the interval configured above to trigger an action.
(Optional) Configure a Source Address Exclusion.
On the Reconnaissance Protection tab, Add a Source Address Exclusion.
Enter a descriptive Name for the address you want to exclude.
Set the Address Type to IPv4 or IPv6 and then select an address object or enter an IP address.
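
To see how Interval, Threshold, Action, Track By, Duration and a Source Address Exclusion interact before committing a profile, the following added example models the behavior described above. It is not Palo Alto Networks code: the ReconModel class and the "below-threshold", "drop" and "excluded" verdict names are hypothetical, counting events per source is an assumption, and the addresses are constructed documentation-range samples.

```python
from ipaddress import ip_address, ip_network

class ReconModel:
    """Simplified model of the action semantics on this page (not PAN-OS code)."""

    def __init__(self, interval, threshold, action="alert",
                 track_by="source", duration=None, exclusions=()):
        if action == "block-ip" and not (duration and 1 <= duration <= 3600):
            raise ValueError("Block IP needs a Duration of 1-3,600 seconds")
        self.interval, self.threshold, self.action = interval, threshold, action
        self.track_by, self.duration = track_by, duration
        self.exclusions = [ip_network(e) for e in exclusions]
        self.events = {}    # source -> timestamps of recent scan events (assumption)
        self.blocked = {}   # block key -> time at which the block expires

    def _block_key(self, src, dst):
        # Block IP tracked by source covers every destination; otherwise the pair.
        if self.action == "block-ip" and self.track_by == "source":
            return (src, None)
        return (src, dst)

    def observe(self, t, src, dst):
        """Verdict for one scan event from src to dst at time t (seconds)."""
        if any(ip_address(src) in net for net in self.exclusions):
            return "excluded"
        key = self._block_key(src, dst)
        if self.blocked.get(key, 0) > t:
            return "drop"
        window = [x for x in self.events.get(src, []) if t - x < self.interval] + [t]
        if len(window) < self.threshold:
            self.events[src] = window
            return "below-threshold"
        self.events[src] = []   # threshold matched: start a fresh count
        if self.action in ("block", "block-ip"):
            # Block holds for the rest of the interval, Block IP for Duration.
            hold = self.duration if self.action == "block-ip" else self.interval - (t - window[0])
            self.blocked[key] = t + hold
        return self.action

if __name__ == "__main__":
    # Constructed replay: three events inside a 2-second interval, then a later packet.
    model = ReconModel(interval=2, threshold=3, action="block-ip", duration=10)
    for t, dst in [(0.0, "192.0.2.1"), (0.5, "192.0.2.2"), (1.0, "192.0.2.3"), (5.0, "192.0.2.9")]:
        print(t, dst, model.observe(t, "198.51.100.7", dst))
```

Replaying exported traffic timestamps through a model like this helps pick a threshold that catches sweeps without blocking legitimate scanners, which belong in a Source Address Exclusion instead.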