Port scan report shows all TCP ports are open
The above behavior is working as expected. To avoid it, use one of the following options:
- Disable SYN flood protection.
- Change the Action from SYN Cookie to Random Early Drop.
- Increase the threshold for activation.
Follow the steps below to make these changes. Take network security into consideration before making them.
From the GUI:
Go to Network Tab > Zone Protection Profile > select the appropriate Zone Protection Profile > Flood Protection.
From the CLI:
To change from SYN Cookie to Random Early Drop:
# delete network profiles zone-protection-profile untrust-zone flood tcp-syn syn-cookies
To change the activation rate:
# set network profiles zone-protection-profile untrust-zone flood tcp-syn syn-cookies activate-rate "value"
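The effect of each option on a scan report can be seen in a simplified model. This is an added example, not vendor code: the function names, the port list, the rates and the linear drop probability used for Random Early Drop are assumptions made for illustration.

```python
import random
from collections import Counter

def probe(port, open_ports, syn_rate, action, activate_rate, maximal_rate, rng):
    """Return the state a SYN scanner would record for one probed port."""
    real = "open" if port in open_ports else "closed"
    # Protection off, or SYN rate still under the activation threshold:
    # the SYN reaches the server and the server's own answer comes back.
    if action == "disabled" or syn_rate < activate_rate:
        return real
    if action == "syn-cookies":
        # The firewall answers every SYN with its own SYN-ACK, so the
        # scanner records the port as open whatever the server would say.
        return "open"
    if action == "red":
        # Assumed linear drop probability between the two thresholds.
        span = max(maximal_rate - activate_rate, 1)
        drop_p = min(1.0, (syn_rate - activate_rate) / span)
        return "filtered" if rng.random() < drop_p else real
    raise ValueError(f"unknown action: {action}")

def scan(ports, open_ports, syn_rate, action, activate_rate,
         maximal_rate=40000, seed=1):
    """Probe every port at a fixed SYN rate and count the recorded states."""
    rng = random.Random(seed)
    return Counter(probe(p, open_ports, syn_rate, action, activate_rate,
                         maximal_rate, rng) for p in ports)

# Constructed sample: 1000 ports, three really listening, scan at 5000 SYN/s.
PORTS = range(1, 1001)
OPEN = {22, 80, 443}

if __name__ == "__main__":
    cases = [("syn-cookies", 1000),   # current behavior: every port "open"
             ("red", 1000),           # option: Random Early Drop
             ("syn-cookies", 10000),  # option: higher activation threshold
             ("disabled", 1000)]      # option: SYN flood protection off
    for action, activate in cases:
        print(action, activate, dict(scan(PORTS, OPEN, 5000, action, activate)))
```

In this model, Random Early Drop never reports a closed port as open, but some probes go unanswered, while raising the threshold or disabling protection passes the scan through unchanged.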