Cloud Management

Configure Reconnaissance Protection.
Select
Manage
Configuration
NGFW and
Prisma Access
Device Settings
Zones
.
Select or
Add a Zone
.
If you add a zone:
Enter a
Name
for the zone.
Select an
Interface Type
.
Add
or
Remove
Interfaces.
Select or
Create a New
Zone Protection Profile.
If you add a new Zone Protection profile:
Enter a
Name
for the profile.
(
Optional
) Add a profile description.
Configure
Flood
,
Packet Based Attack
,
Protocol
, or
EthernetSGT
settings.
Select
Reconnaissance
and under Items,
Enable
the scan types to protect against.
For each scan, select an
Action
.
If you select
Block-IP
, you must also configure the
Track-By
(source or source-and-destination) and
Duration
options.
For each scan, specify an
Interval (Sec)
.
This option defines the time interval, in seconds, for detection of the given scan type.
For each scan, specify a
Threshold (Events)
.
The threshold defines the number of events that must be detected within the specified interval before the specified action triggers.
(
Optional
) Configure the Source Address Exclusion List.
Source Address Exclusions are IP addresses that you want to exclude from reconnaissance protection. You can specify up to 20 IP addresses or netmask address objects.
Click
Add
to create a new entry.
Enter a descriptive
Name
for the address.
Select an
Address Type
.
Specify one or more
IP Address(es)
.
Click
Add
to save the Zone Protection profile.
Save
the Zone.
Push Config
.