How to Block an IP for a Specific Period upon Detecting Port Scan or Host Sweep
Created On 09/25/18 17:39 PM - Last Updated 02/07/19 23:57 PM
To configure the Block IP feature in Reconnaissance Protection:
- In the WebGUI, go to: Network > Network Profiles > Zone Protection > Zone Protection Profile > Reconnaissance Protection.
- Change the Action from Alert to Block IP and set Track By to either Source or Source and Destination IP, based on your requirement.
- After the Track By field is selected, select the duration in seconds. The minimum value is 1 second and the maximum value is 3600 seconds. When the port scan/host sweep protection is triggered, all further traffic from that source IP, or from that source to that destination IP (based on the option selected in the Track By field), is blocked for the specified period.
- Commit the changes to make the configuration active.
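
The practical difference between the two Track By options is easiest to see in a small model. The following Python sketch is an added example, not PAN-OS code or part of the original article; the class and function names, the sample addresses, and the assumption that a block lapses exactly when the duration elapses are all constructed for illustration.

```python
import ipaddress

MIN_DURATION, MAX_DURATION = 1, 3600  # seconds, the range stated in the steps above


class BlockTable:
    """Simplified model of the Block IP action (hypothetical, not PAN-OS code)."""

    def __init__(self, track_by, duration):
        if track_by not in ("source", "source-and-destination"):
            raise ValueError("track_by must be 'source' or 'source-and-destination'")
        if not MIN_DURATION <= duration <= MAX_DURATION:
            raise ValueError("duration must be between 1 and 3600 seconds")
        self.track_by = track_by
        self.duration = duration
        self._expiry = {}  # block key -> time at which the block lapses

    def _key(self, src, dst):
        # Track By decides what a block entry is keyed on.
        src = ipaddress.ip_address(src)
        if self.track_by == "source":
            return (src,)
        return (src, ipaddress.ip_address(dst))

    def trigger(self, src, dst, now):
        """Record that scan/sweep protection fired for this flow at time `now`."""
        self._expiry[self._key(src, dst)] = now + self.duration

    def is_blocked(self, src, dst, now):
        key = self._key(src, dst)
        expires = self._expiry.get(key)
        if expires is None:
            return False
        if now >= expires:  # model assumption: block ends once the duration elapses
            del self._expiry[key]
            return False
        return True


def demo(track_by):
    """Constructed scenario: 198.51.100.7 trips protection against 10.0.0.5 at t=0."""
    table = BlockTable(track_by, duration=300)
    table.trigger("198.51.100.7", "10.0.0.5", now=0)
    return {
        "same_pair_t10": table.is_blocked("198.51.100.7", "10.0.0.5", now=10),
        "other_dest_t10": table.is_blocked("198.51.100.7", "10.0.0.9", now=10),
        "other_source_t10": table.is_blocked("203.0.113.4", "10.0.0.5", now=10),
        "same_pair_t301": table.is_blocked("198.51.100.7", "10.0.0.5", now=301),
    }
```

In this model, Track By Source also cuts the scanning host off from destinations it has not yet probed, while Source and Destination IP blocks only the pair that triggered the protection.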