cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Port Scan and SMB

Jump to solution

For the GAiA gateways, sk110873 How to configure Security Gateway to detect and prevent port scan gives a detailed configuration guide for R7x and R80.x. But for SMB units, in IPS protections we only find the protection Masscan Port Scanner - but no description how it works. I would assume that the IPS is able to collect statistics, but is that done with locally managed SMB devices ? And what about SMBs managed by R7x / R80.x, can you configure an automatic SAM rule to close the port scanning connections also on SMB gateways ?

Tags (2)
1 Solution

Accepted Solutions

Re: Port Scan and SMB

Jump to solution

Günther, on locally managed SMB appliances, I believe that is all you have.

For centrally managed, they have the same protections, such as Host Port Scan, Zmap, Masscan, etc.

They do not support SAM rules, and using "Block source" automatic reactions in SmartEvent will have no effect.

2 Replies

Re: Port Scan and SMB

Jump to solution

Günther, on locally managed SMB appliances, I believe that is all you have.

For centrally managed, they have the same protections, such as Host Port Scan, Zmap, Masscan, etc.

They do not support SAM rules, and using "Block source" automatic reactions in SmartEvent will have no effect.

Re: Port Scan and SMB

Jump to solution

Yes, it is just like that - as the fw sam command does not work on SMBs and only SAM Events created by CP SAM GWs will work (no 3rd party events), this is all we have (and we even do know no details)...