topic Re: Port Scan/Host Sweep settings... in General Topics https://live.paloaltonetworks.com/t5/general-topics/port-scan-host-sweep-settings/m-p/9559#M7009 <HTML><HEAD></HEAD><BODY><P>This is a great question, but it is a question with no one-size-fits-all answer.</P><P></P><P>It might first be helpful to characterize your network traffic. Once you have some network traffic data you can start using that to tune your settings.</P><P></P><P>Your settings look perfectly reasonable <STRONG>if </STRONG>your assumptions are reasonable. Without knowing more about your network it's guessing game to look at your proposed settings and try and render judgement about their appropriateness.</P><P></P><P>Possibly there are some other readers out there with some good rules-of-thumb to share?</P><P></P><P>-Benjamin</P></BODY></HTML> Mon, 07 Feb 2011 23:31:20 GMT bpappas 2011-02-07T23:31:20Z Port Scan/Host Sweep settings... https://live.paloaltonetworks.com/t5/general-topics/port-scan-host-sweep-settings/m-p/9558#M7008 <HTML><HEAD></HEAD><BODY><P>What is everyone using for their Port Scan/Host Sweep settings in the Zone Protection profile?</P><P></P><P>Mine are at...</P><P></P><P>TCP Port Scan</P><P>5 secs</P><P>800 events</P><P></P><P>UDP Port Scan</P><P>5 secs</P><P>800 events</P><P></P><P>Host Sweep</P><P>2 secs</P><P>200 events</P><P></P><P>...I may have to fine tune it some more to lower the amount of "false readings".</P></BODY></HTML> Thu, 03 Feb 2011 20:30:34 GMT https://live.paloaltonetworks.com/t5/general-topics/port-scan-host-sweep-settings/m-p/9558#M7008 jambulo 2011-02-03T20:30:34Z Re: Port Scan/Host Sweep settings... https://live.paloaltonetworks.com/t5/general-topics/port-scan-host-sweep-settings/m-p/9559#M7009 <HTML><HEAD></HEAD><BODY><P>This is a great question, but it is a question with no one-size-fits-all answer.</P><P></P><P>It might first be helpful to characterize your network traffic. Once you have some network traffic data you can start using that to tune your settings.</P><P></P><P>Your settings look perfectly reasonable <STRONG>if </STRONG>your assumptions are reasonable. Without knowing more about your network it's guessing game to look at your proposed settings and try and render judgement about their appropriateness.</P><P></P><P>Possibly there are some other readers out there with some good rules-of-thumb to share?</P><P></P><P>-Benjamin</P></BODY></HTML> Mon, 07 Feb 2011 23:31:20 GMT https://live.paloaltonetworks.com/t5/general-topics/port-scan-host-sweep-settings/m-p/9559#M7009 bpappas 2011-02-07T23:31:20Z