I am not sure I completely understand the question.
Can you block a source IP using traceroute app-id?
you can create a policy to deny traceroute from a source IP, yes.
is that your question?
no, I want to block IP not deny like in reconnaissance in zone protection or in vulnerability protection that you can create a custom rule with 3600 seconds block IP.
I appreciate the response.
Maybe I do not understand; deny and block provide similar functionality
My original response of creating a rule to drop/deny a Source Address is probably the best way to block the IP.
I am not being argumentative, perhaps explaining more additional details regarding the use case for this request, will be help everyone to provide better responses.
I want to consider that if an IP make traceroute, this is the first step to do other bad activities on my infrastructure so I want to block it (and not deny) before it can attempt to infiltrate in my network.
While I agree this could be a start to bad things, its a common tool used by many different engineers. I high caution you against a block-ip approach as this will block legit traffic to/from a good host because someone ran a command.
Just a deny rule is much better in this case.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!