Configure Reconnaissance Protection
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Configure Reconnaissance Protection
Learn how to configure reconnaissance protection to prevent
attackers from probing your network for vulnerabilities.
Configure one of the following Reconnaissance Protection actions
for the firewall to take in response to the corresponding reconnaissance attempt:
- Allow—The firewall allows the port scan or host sweep reconnaissance to continue.
- Alert—The firewall generates an alert for each port scan or host sweep that matches the configured threshold within the specified time interval. Alert is the default action.
- Block—The firewall drops all subsequent packets from the source to the destination for the remainder of the specified time interval.
- Block IP—The firewall drops all subsequent packets for the specified Duration, in seconds (the range is 1-3,600). Track By determines whether the firewall blocks source or source-and-destination traffic.
- Configure Reconnaissance Protection.
- Select NetworkNetwork ProfilesZone Protection.Select a Zone Protection profile or Add a new profile and enter a Name for it.On the Reconnaissance Protection tab, select the scan types to protect against.Select an Action for each scan. If you select Block IP, you must also configure Track By (source or source-and-destination) and Duration.Set the Interval in seconds. This options defines the time interval for port scan and host sweep detection.Set the Threshold. The threshold defines the number of port scan events or host sweeps that occurs within the interval configured above that triggers an action.(Optional) Configure a Source Address Exclusion.
- On the Reconnaissance Protection tab, Add a Source Address Exclusion.
- Enter a descriptive Name for the address you want to exclude.
- Set the Address Type to IPv4 or IPv6 and then select an address object or enter an IP address.
- Click OK.
Click OK to save the Zone Protection profile.Commit your changes.