Configure Reconnaissance Protection
Focus
Focus

Configure Reconnaissance Protection

Table of Contents

Configure Reconnaissance Protection

Learn how to configure reconnaissance protection to prevent attackers from probing your network for vulnerabilities.
Configure one of the following Reconnaissance Protection actions for the firewall to take in response to the corresponding reconnaissance attempt:
  • Allow
    —The firewall allows the port scan or host sweep reconnaissance to continue.
  • Alert
    —The firewall generates an alert for each port scan or host sweep that matches the configured threshold within the specified time interval. Alert is the default action.
  • Block
    —The firewall drops all subsequent packets from the source to the destination for the remainder of the specified time interval.
  • Block IP
    —The firewall drops all subsequent packets for the specified
    Duration
    , in seconds (the range is 1-3,600).
    Track By
    determines whether the firewall blocks source or source-and-destination traffic.
  1. Configure Reconnaissance Protection.
    1. Select
      Network
      Network Profiles
      Zone Protection
      .
    2. Select a Zone Protection profile or
      Add
      a new profile and enter a
      Name
      for it.
    3. On the Reconnaissance Protection tab, select the scan types to protect against.
    4. Select an
      Action
      for each scan. If you select Block IP, you must also configure
      Track By
      (source or source-and-destination) and
      Duration
      .
    5. Set the
      Interval
      in seconds. This options defines the time interval for port scan and host sweep detection.
    6. Set the
      Threshold
      . The threshold defines the number of port scan events or host sweeps that occurs within the interval configured above that triggers an action.
  2. (
    Optional
    ) Configure a Source Address Exclusion.
    1. On the Reconnaissance Protection tab,
      Add
      a Source Address Exclusion.
      1. Enter a descriptive
        Name
        for the address you want to exclude.
      2. Set the Address Type to
        IPv4
        or
        IPv6
        and then select an address object or enter an IP address.
      3. Click
        OK
        .
    2. Click
      OK
      to save the Zone Protection profile.
    3. Commit
      your changes.

Recommended For You