PAN-OS

Configure Reconnaissance Protection.
Select
Network
Network Profiles
Zone Protection
.
Select a Zone Protection profile, or
Add
a new profile and enter a
Name
for it.
On the Reconnaissance Protection tab, select the scan types to protect against.
Select an
Action
for each scan.
If you select Block IP, you must also configure the
Track By
(source or source-and-destination) and
Duration
options.
Set the
Interval
in seconds. This option defines the time interval for port scan, host sweep
, and IP protocol scan
detection.
Set the
Threshold
for reconnaissance events. The threshold defines the number of port scan, host sweep
, or IP protocol scan
events that need to occur within the specified time interval to trigger an action.
(
Optional
) Configure a Source Address Exclusion.
Source Address Exclusions are IP addresses that you want to exclude from reconnaissance protection. You can specify up to 20 IP addresses or netmask address objects.
Exclude only IP addresses for trusted internal groups that perform vulnerability testing.
Add
the address you want to exclude.
Enter a descriptive
Name
for the address.
For Address Type, select either
IPv4
or
IPv6
, and then select an address object or enter one manually.
Click
OK
.
Click
OK
to save the Zone Protection profile.
Commit
your changes.
Apply the Zone Protection profile to the appropriate zones, including zones that connect to the internet.