Reconnaissance Protection

As in the military sense of the term, reconnaissance in network security is an attacker's attempt to gain information about your network's vulnerabilities by secretly probing the network to find weaknesses. Reconnaissance activities are often preludes to a network attack.
Zone protection profiles with reconnaissance protection enabled defend against port scans and host sweeps:
  • Port scans discover open ports on a network. A port scanning tool sends client requests to a range of port numbers on a host, with the goal of locating an active port to exploit in an attack. Zone protection profiles defend against both TCP and UDP port scans.
  • Host sweeps examine multiple hosts to determine if a specific port is open and vulnerable.
You can use reconnaissance tools for legitimate purposes such as white hat testing of network security or the strength of a firewall. You can specify up to 20 IP addresses or netmask address objects to exclude from reconnaissance protection so that your internal IT department can conduct white hat tests to find and fix network vulnerabilities.
When you Configure Reconnaissance Protection, you can set the action to take when reconnaissance traffic (excluding white hat traffic) exceeds the configured threshold.
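The two detections and the white hat exclusion list described above can be sketched as a sliding-window counter over connection events. This is an added illustration, not Palo Alto Networks code and not the firewall's actual algorithm; the function name, the threshold and interval values, and the sample traffic are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

MAX_EXCLUSIONS = 20  # the page's limit on excluded IP / netmask entries

def classify_recon(events, threshold, interval, exclusions=()):
    """events: (ts_seconds, src_ip, dst_ip, dst_port, proto) tuples.
    Returns sorted (src_ip, kind, target) findings; kind is "port_scan"
    (target = host/proto) or "host_sweep" (target = port/proto)."""
    if len(exclusions) > MAX_EXCLUSIONS:
        raise ValueError("at most 20 exclusion entries are allowed")
    nets = [ipaddress.ip_network(e, strict=False) for e in exclusions]
    seen = defaultdict(list)  # key -> [(ts, counted item)] inside the window
    findings = set()
    for ts, src, dst, port, proto in sorted(events):
        if any(ipaddress.ip_address(src) in n for n in nets):
            continue  # white hat source: exempt from reconnaissance checks
        for key, item in (
            ((src, "port_scan", f"{dst}/{proto}"), port),   # many ports, one host
            ((src, "host_sweep", f"{port}/{proto}"), dst),  # one port, many hosts
        ):
            window = [(t, i) for t, i in seen[key] if ts - t < interval]
            window.append((ts, item))
            seen[key] = window
            # "exceeds the configured threshold": strictly more distinct targets
            if len({i for _, i in window}) > threshold:
                findings.add(key)
    return sorted(findings)

# Constructed sample traffic using documentation address ranges (not real logs).
SAMPLE = (
    [(t, "198.51.100.7", "192.0.2.10", 20 + t, "tcp") for t in range(6)]       # 6 ports, 1 host
    + [(t, "198.51.100.9", f"192.0.2.{20 + t}", 161, "udp") for t in range(6)]  # 1 port, 6 hosts
    + [(t, "10.0.5.4", "192.0.2.10", 8000 + t, "tcp") for t in range(6)]        # internal tester
    + [(1, "203.0.113.5", "192.0.2.10", 443, "tcp"),                            # ordinary client
       (2, "203.0.113.5", "192.0.2.10", 80, "tcp")]
)

if __name__ == "__main__":
    for finding in classify_recon(SAMPLE, threshold=5, interval=10,
                                  exclusions=["10.0.5.0/24"]):
        print(finding)
```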
