Timothy_Hall
Champion

Protected Scope means match/scan all traffic going to/from this object regardless of which way the connection was originally initiated, as generally we don't care about "directionality" for the process of Threat Prevention. We most certainly do care about that in Access Control policies.

If, however, the hidden Threat Prevention Source/Destination policy fields are exposed and then populated (they both default to Any), you are implying directionality for what you want to scan. So if in your TP policy Source is "net1", Destination is Any, and Protected Scope is Any, only connections initiated from net1 and their replies will match that rule and be scanned via the associated profile. Connections initiated from outside net1 into it will not match that TP rule at all, for traffic in either direction.

I got this question a lot in various classes, so here is the coverage of this topic from my 2021 IPS/AV/ABOT Video Series class:

tp_src_dst.png

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com


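The matching semantics described in the post, written out as a small model so rule coverage can be checked against sample connections. This is an added example, not code from the post or from Check Point; the network object "net1" (10.1.0.0/16) and the endpoint addresses are constructed.

```python
"""Model of Threat Prevention rule matching: Protected Scope is direction-agnostic,
the hidden Source/Destination fields imply directionality. Added illustration,
not Check Point code; all names and addresses below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = None  # the field's default "Any": matches every address


def _in_scope(field: Optional[str], addr: str) -> bool:
    """True if the rule field is Any or the address falls inside its network."""
    return field is ANY or ip_address(addr) in ip_network(field)


@dataclass(frozen=True)
class TPRule:
    source: Optional[str] = ANY           # hidden field, defaults to Any
    destination: Optional[str] = ANY      # hidden field, defaults to Any
    protected_scope: Optional[str] = ANY


def rule_matches(rule: TPRule, initiator: str, responder: str) -> bool:
    """Decide whether a connection (and its replies) is scanned by this rule.
    Source/Destination are checked against the direction the connection was
    first opened in; Protected Scope matches if either end is inside it."""
    directional_ok = (_in_scope(rule.source, initiator)
                      and _in_scope(rule.destination, responder))
    scope_ok = (_in_scope(rule.protected_scope, initiator)
                or _in_scope(rule.protected_scope, responder))
    return directional_ok and scope_ok


NET1 = "10.1.0.0/16"                           # constructed "net1" object
INSIDE, OUTSIDE = "10.1.5.5", "203.0.113.10"   # constructed endpoints

# The post's case: Source=net1, Destination=Any, Protected Scope=Any
SRC_NET1 = TPRule(source=NET1)
# Direction-agnostic alternative: only Protected Scope set to net1
SCOPE_NET1 = TPRule(protected_scope=NET1)

if __name__ == "__main__":
    for name, rule in (("Source=net1", SRC_NET1), ("Scope=net1", SCOPE_NET1)):
        print(name, "outbound:", rule_matches(rule, INSIDE, OUTSIDE),
              "inbound:", rule_matches(rule, OUTSIDE, INSIDE))
```

Running it shows the Source=net1 rule covering only the outbound-initiated connection, while the Protected Scope=net1 rule covers connections initiated in either direction.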