Host Sweep


L0 Member

Our Zone Protection | Host Sweep configuration was blocking Internet connections on some local hosts due to the enabled "News and Interests" Windows 10 toolbar. I hope this helps with troubleshooting.

2 REPLIES

L5 Sessionator

It would depend on how the zone protection is configured. For the traffic from Trust to Untrust, it shouldn't be too strict, especially when it's configured with the "Block IP" action.
I'd also suggest checking the traffic log or sessions to see what kind of traffic is matching the condition. You may also want to capture packets on the Windows 10 machine with/without the "News and Interests" toolbar enabled.

 

For your reference:
How do I analyze alerts for SCAN: Host Sweep (8002)?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBioCAG

 

L4 Transporter

Yes, I agree with @ymiyashita. It is tricky to get the right balance when applying zone protection to any trusted zones, especially ones that have user internet traffic behind them, as applications will often be trying to connect to any number of endpoints, and normally the health of these is decided by pinging a port or an IP.

For instance, PIA, or Private Internet Access, pings pretty much all its endpoints constantly to check if they are available, and does this even if it is not switched on.

The only way to apply this is to adjust the levels over time to the point where you have a baseline of normal volumes, and then you can allow for anomalies to activate the protections.

Hope this helps.

PCCSA PCNSA PCNSE PCSAE
Mode44 LTD Palo Alto Consultants
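
The baselining approach described in the replies above, as an added example (not code from the thread or from Palo Alto Networks): it computes, per source host, the peak number of distinct destinations contacted within a sliding interval, so a candidate host sweep threshold can be compared against normal behaviour. The rows, IP addresses, function names and the "peak >= threshold" comparison are assumptions; map them onto the fields of your own traffic log export.

```python
from collections import defaultdict, deque


def constructed_rows():
    """Constructed sample rows: (seconds, source IP, destination IP)."""
    # 10.0.0.5: a burst to 12 distinct destinations in under 6 seconds,
    # the kind of fan-out a chatty desktop application can produce.
    rows = [(i * 0.5, "10.0.0.5", f"203.0.113.{i + 1}") for i in range(12)]
    # 10.0.0.9: one connection every 20 seconds, cycling over 3 destinations.
    rows += [(i * 20.0, "10.0.0.9", f"198.51.100.{i % 3 + 1}") for i in range(6)]
    return rows


def peak_distinct_destinations(rows, interval_s):
    """Per source: the most distinct destinations seen in any window of interval_s."""
    windows = defaultdict(deque)                    # src -> (ts, dst) inside the window
    counts = defaultdict(lambda: defaultdict(int))  # src -> dst -> hits inside the window
    peaks = defaultdict(int)
    for ts, src, dst in sorted(rows):
        win, cnt = windows[src], counts[src]
        win.append((ts, dst))
        cnt[dst] += 1
        # Evict events that have aged out of the sliding window.
        while ts - win[0][0] >= interval_s:
            _, old_dst = win.popleft()
            cnt[old_dst] -= 1
            if cnt[old_dst] == 0:
                del cnt[old_dst]
        peaks[src] = max(peaks[src], len(cnt))
    return dict(peaks)


def sources_over_threshold(peaks, threshold):
    """Sources whose baseline peak alone would reach a candidate threshold (assumed >=)."""
    return sorted(src for src, peak in peaks.items() if peak >= threshold)


if __name__ == "__main__":
    peaks = peak_distinct_destinations(constructed_rows(), interval_s=10)
    for src, peak in sorted(peaks.items()):
        print(f"{src}: peak {peak} distinct destinations per 10 s")
    print("would trip a threshold of 10:", sources_over_threshold(peaks, 10))
```

Sources that already reach the candidate threshold during normal operation are the ones to investigate in the traffic log before enforcing a blocking action.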