firewall defend port-scan enable

By default, the port scanning attack defense is disabled.

After you configure port scanning attack defense, the FW detects the received TCP and UDP packets. If the number of packets with different destination ports from a specific source IP address per second exceeds the threshold, the FW determines that the host at this IP address launches port scanning attacks, blacklists this IP address, and processes the packets as follows:

• If the blacklist function is enabled ( firewall blacklist enable ) on the FW, the FW discards the packets from this IP address.
• If the blacklist function is disabled on the FW, but the firewall defend action discard command is executed, the system will still generate alarms and discards the packets.

If a source IP address is whitelisted, port scan attack defense will not be implemented for the source IP address.

In NAT or proxy scenarios, one IP address may be used to access different destination ports. Therefore, do not enable this function.