Configure Reconnaissance Protection
Configure one of the following Reconnaissance Protection actions for the firewall to take in response to the corresponding reconnaissance attempt:
- Allow—The firewall allows the port scan or host sweep reconnaissance to continue.
- Alert—The firewall generates an alert for each port scan or host sweep that matches the configured threshold within the specified time interval. Alert is the default action.
- Block—The firewall drops all subsequent packets from the source to the destination for the remainder of the specified time interval.
- Block IP—The firewall drops all subsequent packets for the specified Duration, in seconds (the range is 1-3,600). Track By determines whether the firewall blocks source or source-and-destination traffic.
- Configure Reconnaissance Protection.
  - Select Network > Network Profiles > Zone Protection.
  - Select a Zone Protection profile or Add a new profile and enter a Name for it.
  - On the Reconnaissance Protection tab, select the scan types to protect against.
  - Select an Action for each scan. If you select Block IP, you must also configure Track By (source or source-and-destination) and Duration.
  - Set the Interval in seconds. This option defines the time interval for port scan and host sweep detection.
  - Set the Threshold. The threshold defines the number of port scan events or host sweeps that must occur within the interval configured above to trigger an action.
- (Optional) Configure a Source Address Exclusion.
  - On the Reconnaissance Protection tab, Add a Source Address Exclusion.
  - Enter a descriptive Name for the whitelisted address.
  - Set the Address Type to IPv4 or IPv6 and then select an address object or enter an IP address.
  - Click OK.
- Click OK to save the Zone Protection profile.
- Commit your changes.
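To gauge how a candidate Interval and Threshold would behave before committing the profile, the following added example (not Palo Alto Networks code and not part of the original page) replays flow records through a simplified counting model and honors Source Address Exclusions. The `replay` function, the record layout, and the definition of a scan event as a new distinct port or host are assumptions; the sample flows are constructed.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

def replay(flows, interval, threshold, exclusions=()):
    """Return {(scan_type, source): first_trigger_time}.

    flows: time-ordered (timestamp_seconds, src_ip, dst_ip, dst_port) tuples.
    Assumed model (not the firewall's documented algorithm): a port scan event
    is a new destination port on one host, a host sweep event is a new
    destination host, each counted per source over the last `interval` seconds.
    """
    excluded = [ip_network(e) for e in exclusions]
    windows = defaultdict(deque)  # key -> deque of (timestamp, target)
    triggered = {}
    for ts, src, dst, port in flows:
        if any(ip_address(src) in net for net in excluded):
            continue  # Source Address Exclusion: this source is never counted
        for key, target in ((("port-scan", src, dst), port),
                            (("host-sweep", src), dst)):
            win = windows[key]
            win.append((ts, target))
            while win and ts - win[0][0] >= interval:
                win.popleft()  # forget events older than the Interval
            if len({t for _, t in win}) >= threshold:
                triggered.setdefault((key[0], src), ts)
    return triggered

# Constructed sample flows (documentation address ranges):
#   203.0.113.9  walks ports on one host, one probe per second
#   10.0.0.5     monitoring host polling port 443 on many hosts
#   198.51.100.7 ordinary client reusing one host and port
SAMPLE = sorted(
    [(i, "203.0.113.9", "192.0.2.10", 20 + i) for i in range(12)]
    + [(2 * i, "10.0.0.5", f"192.0.2.{i + 1}", 443) for i in range(12)]
    + [(3 * i, "198.51.100.7", "192.0.2.10", 443) for i in range(12)]
)

if __name__ == "__main__":
    for label, kwargs in (
        ("interval=20 threshold=10", dict(interval=20, threshold=10)),
        ("same, monitoring host excluded",
         dict(interval=20, threshold=10, exclusions=["10.0.0.5"])),
        ("interval=5 threshold=10", dict(interval=5, threshold=10)),
    ):
        print(label, "->", replay(SAMPLE, **kwargs))
```

Replaying real traffic logs this way shows which legitimate sources, such as monitoring hosts, would need a Source Address Exclusion before the action is changed from Alert to Block or Block IP.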