Zone protection for scan up / ports from internet ( untrust)
Showing results for 
Search instead for 
Did you mean: 

Zone protection for scan up / ports from internet ( untrust)

L0 Member

Hi ,

Anyone enable zone protection for protect and drop scan ip and ports from untrust / internet to DMZ or untrust ?

i enabled it but I have alerts only from DMZ to untrust and not from untrust to DMZ or untrust to untrust.


Cyber Elite
Cyber Elite


Have you actually toned it for your environment. The thing with ZPP is that they need to be customized to your environment; the defaults won't do you any good. 


How do you determine the right settings, are there general guidelines or some reference available? 



Learn at least one new thing every day.


When it comes to flood protection you need to adjust the alarm rate based off of the information you can gather through a netflow capture, or you can simply take a guess and adjust as needed. Just ensure that you are only lowering the alarm rate and not the activate and maximum values and you'll only trigger a log when that rate is hit.


For Reconnaissance Protection you can set the action to alert and mess around with the interval/threshold value as you see fit. Again, as long as it is only set to alert no negative action will take place. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!