Port scans from recurring IP address
AronS
Newbie ✭
I have a TZ470 and a few days ago started getting log ID 82 Port Scan Possible and log ID 83 Probable Port Scan detected, every 20 or so minutes. The same source IP address is scanning each time. While I believe these are more or less benign, the fact the same IP address keeps scanning our firewall is annoying, is there a rule or policy I can create to block this IP address from scanning ports?
Category: Entry Level Firewalls
0
Best Answer
-
CORRECT ANSWER
Nevyaditha
Moderator
Hi @AronS ,
You can create an inbound access rule to block the traffic from that specific IP address.
Please follow the KB below:
Thanks
Nevyaditha P
Technical Support Advisor, Premier Services
1
Answers
I created a rule (see screen shot attached)...I tried changing destination zone to X1, which is the zone for our firewall (affected system here). I'm still getting port scan alerts. I'm assuming I need to tweak something but am not sure what
Hi @AronS,
Can you please configure the rule from source as WAN zone to Destination as Any zone and then monitor ?
Nevyaditha P
Technical Support Advisor, Premier Services
The scans seemed to have stopped....the rule is still set to Destination X1, but since they are no longer occurring I left the rule as is. If they reoccur I'll try changing the Destination to Any zone. Thanks