Don't jump to strong Zone Protection immidiately.
Go in steps.
From my experience.
Company with 2 sites.
Strict ip and port scan restrictions in Zone protection.
Guy from one site tried to call to guy at other site.
He used Skype that likes to probe what open ports other peer has.
And firewall of site 1 blacklisted site 2. VPN and all intra company traffic were blocked.
Now with newer releases you can exclude some ip's in Zone protection so this helps 🙂
Do you think it's possible to apply "zone protection" on DMZ? Or I have to apply this profile on the "OUTSIDE" zone?
I have tried to apply it on DMZ, and test it (configured minimum threshold) with a port scan via NMAP.. No threat logs generated.
On which zone "zone protection" has to be applied?
You can apply zone protection on whatever zone you wish, and really you should have one for your DMZ and your OUTSIDE zones if you have both. Depending on how you have things setup would indicate what zone your traffic shows, but you can verify this in your traffic log by (addr in publicip) and seeing what your destination zone is for traffic going to that address.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!