- CheckMates
- :
- Products
- :
- Quantum
- :
- Threat Prevention
- :
- Prevent Port scan
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Prevent Port scan
Atm my IPS settings are as follows:
But in log Port scan is still Detect is not Prevent.
Few years ago in Pfseance I drop all port scan. What should I do to drop/prevent in CP.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please provide further details of the TP profile configuration and current Gateway settings for IPS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This SK's will maybe help you out:
https://support.checkpoint.com/results/sk/sk110873
This one is mostly about DDOS but it also speaks regarding port scans
https://support.checkpoint.com/results/sk/sk112241
If you like this post please give a thumbs up(kudo)! 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you have SmartEvent, you can configure reactions accordingly.
If not, you can always configure a Suspicious Activity Monitoring (SAM) rule. This works by sending an alert to SmartView Monitor.
This is just a heads up... You can search SKs for SAM rules-
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As Zolocofxp indicated, you can use SmartEvent and it does work well. You can also take a look at Checkpoint's Playblocks.
