Prevent attackers from probing your network for vulnerabilities by configuring
reconnaissance protection for IP protocol scan, UDP and TCP scans, and host
sweeps.
Malicious actors use various scanning techniques, including port scans (TCP and UDP), host sweeps, and IP protocol scans, to identify and exploit network vulnerabilities. To protect your network against these scans, configure the Reconnaissance Protection settings of a Zone Protection profile. For each scan type, you will specify an action and the conditions that trigger the action. For example, you can block subsequent packets from an untrusted source if the firewall detects 1000 IP protocol scan events from that source within 60 seconds.
The following actions are supported for each scan:
Allow—The firewall allows the port scan, host sweep, or IP protocol scan reconnaissance to continue.
(Default) Alert—The firewall generates an alert for each port scan, host sweep, or IP protocol scan that matches the configured threshold within the specified time interval.
Block—The firewall drops all subsequent packets from the source to the destination for the remainder of the specified time interval.
Block IP—The firewall drops all subsequent packets for the specified Duration, in seconds (the range is 1-3,600). Track By determines whether the firewall blocks source or source-and-destination traffic.
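
The threshold, interval and action semantics listed above, modeled in Python as an added example; it is not Palo Alto Networks code and does not describe PAN-OS internals. The names `ReconRule` and `replay`, the per-source sliding window, and the reading of "remainder of the interval" as measured from the first counted event are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

class ReconRule:
    """Simplified model of one scan-type rule (not PAN-OS internals)."""

    def __init__(self, action, threshold, interval, duration=None, track_by="source"):
        if action == "block-ip" and (duration is None or not 1 <= duration <= 3600):
            raise ValueError("Block IP duration must be 1-3600 seconds")
        self.action, self.threshold, self.interval = action, threshold, interval
        self.duration, self.track_by = duration, track_by
        self.events = defaultdict(deque)  # source -> timestamps of scan events
        self.blocked_until = {}           # (src, dst or None) -> expiry time
        self.alerts = []                  # (time, source) for the Alert action

    def packet(self, ts, src, dst):
        """Feed one scan event at time ts; return 'drop' or 'pass'."""
        for key in ((src, dst), (src, None)):
            if self.blocked_until.get(key, 0) > ts:
                return "drop"
        window = self.events[src]
        window.append(ts)
        while window[0] <= ts - self.interval:  # forget events outside the interval
            window.popleft()
        if self.action == "allow" or len(window) < self.threshold:
            return "pass"
        first = window[0]
        window.clear()  # threshold reached: start counting afresh
        if self.action == "alert":
            self.alerts.append((ts, src))
        elif self.action == "block":
            # Assumption: "remainder of the interval" runs from the first counted event.
            self.blocked_until[(src, dst)] = first + self.interval
        elif self.action == "block-ip":
            pair = self.track_by == "source-and-destination"
            self.blocked_until[(src, dst if pair else None)] = ts + self.duration
        return "pass"  # the triggering packet passes; subsequent ones are dropped

def replay(rule, events):
    """Run constructed (time, src, dst) scan events through a rule."""
    return [rule.packet(*e) for e in events]

# Constructed events: one source probing two destinations.
EVENTS = [(0, "198.51.100.7", "10.0.0.1"), (1, "198.51.100.7", "10.0.0.1"),
          (2, "198.51.100.7", "10.0.0.1"), (3, "198.51.100.7", "10.0.0.2"),
          (4, "198.51.100.7", "10.0.0.1"), (200, "198.51.100.7", "10.0.0.1")]

if __name__ == "__main__":
    for track_by in ("source", "source-and-destination"):
        rule = ReconRule("block-ip", threshold=3, interval=60, duration=120, track_by=track_by)
        print(track_by, replay(rule, EVENTS))
```

With Track By set to source, the probe to the second destination at t=3 is dropped; with source-and-destination it passes, because only the pair that crossed the threshold is blocked.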