Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend Legend
Legend
Jump to solution

Port Scan and SMB

For the GAiA gateways, sk110873 How to configure Security Gateway to detect and prevent port scan gives a detailed configuration guide for R7x and R80.x. But for SMB units, in IPS protections we only find the protection Masscan Port Scanner - but no description how it works. I would assume that the IPS is able to collect statistics, but is that done with locally managed SMB devices ? And what about SMBs managed by R7x / R80.x, can you configure an automatic SAM rule to close the port scanning connections also on SMB gateways ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
1 Solution

Accepted Solutions
Pedro_Espindola
Advisor

Günther, on locally managed SMB appliances, I believe that is all you have.

For centrally managed, they have the same protections, such as Host Port Scan, Zmap, Masscan, etc.

They do not support SAM rules, and using "Block source" automatic reactions in SmartEvent will have no effect.

View solution in original post

2 Replies
Pedro_Espindola
Advisor

Günther, on locally managed SMB appliances, I believe that is all you have.

For centrally managed, they have the same protections, such as Host Port Scan, Zmap, Masscan, etc.

They do not support SAM rules, and using "Block source" automatic reactions in SmartEvent will have no effect.

G_W_Albrecht
Legend Legend
Legend

Yes, it is just like that - as the fw sam command does not work on SMBs and only SAM Events created by CP SAM GWs will work (no 3rd party events), this is all we have (and we even do know no details)...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events