How to Block an IP for a Specific Period upon Detecting Port Scan or Host Sweep
96763
Created On 09/25/18 17:39 PM - Last Modified 06/14/23 07:17 AM
Symptom
Resolution
To configure block IP feature in Reconnaissance Protection:
- Inside of the WebGUI Go To: Network > Network Profiles > Zone Protection > Zone Protection Profile > Reconnaissance Protection.
- Change the Action from Alert to Block IP and select Track By either Source or Source and Destination IP based on your requirement.
- After the Track By field is selected, select the duration (in secs)--minimum value is 1 second and maximum value is 3600 seconds. When the port scan/host sweep protection is triggered, all further traffic from that source IP or from that source to destination IP( based on the option selected in Tthe rack By field) is blocked for the specified period.
- Then Commit the changes to make this active.