SubZer0
Contributor

Prevent Port scan

Atm my IPS settings are as follows:

SubZer0_0-1712217109918.png

 

SubZer0_1-1712217109919.png

 

SubZer0_2-1712217109919.png

 

But in the log, Port scan is still Detect, not Prevent.

SubZer0_3-1712217109922.png

 

 

A few years ago in pfSense I dropped all port scans. What should I do to drop/prevent in CP?

4 Replies
Chris_Atkinson
Employee

Please provide further details of the TP profile configuration and current Gateway settings for IPS

CCSM R77/R80/ELITE
Lesley
Mentor

These SKs will maybe help you out:

https://support.checkpoint.com/results/sk/sk110873

This one is mostly about DDoS, but it also speaks about port scans.

https://support.checkpoint.com/results/sk/sk112241

 

-------
If you like this post please give a thumbs up(kudo)! 🙂
Zolocofxp
Collaborator

If you have SmartEvent, you can configure reactions accordingly.

SmartEvent_portscan.png

If not, you can always configure a Suspicious Activity Monitoring (SAM) rule. This works by sending an alert to SmartView Monitor.

hps_sam.png 

 

alert.png

This is just a heads up... You can search SKs for SAM rules.

 

JoSec
Collaborator

As Zolocofxp indicated, you can use SmartEvent and it does work well. You can also take a look at Checkpoint's Playblocks.
