So i have a doubt regarding port scans in smart event, so we have been getting a lot of port scans over the past month or so and im planning to block the activity if its the detected by our internet firewalls using smart event, now this post is what i came across-
And according to the first reply by Vladimir he shows in his screenshot to block source ip as well including the event activity, now if i do select that option will it completely block the ip? or will it only block the scanning attempt (which im assuming the "block event activity" is responsible for)? ill also include the pic of what I'm talking about below:
Also how do i install the policy on the firewall? i have pressed the save button on the top so im assuming it gets saved on the management server, now do i need to install on the firewall as well?