Configuration of port scan attack defense for the USG6000 series on the CLI

You can configure port scan attack defense for the USG6000 series on the CLI.

1. Run the firewall defend port-scan enable command to enable port scan attack defense.
By default, port scan attack defense is disabled.
2. Run the firewall defend port-scan max-rate max-rate-number command to set the port scan maximum connection rate.
By default, the maximum connection rate is 4000 pps.
3. Run the firewall defend port-scan blacklist-timeout interval command to set the blacklist aging time.
By default, the blacklist aging time is 20 minutes.
4. Run the firewall blacklist enable command to enable the blacklist function.

After port scan attack defense is enabled, the device checks received TCP and UDP packets. If the number of packets that a source address sends per second to different destination ports exceeds the specified threshold, the USG6000 considers that the source address is initiating a port scan attack. It blacklists the IP address and:
Discards the packets from the source address if the blacklist function is enabled.
Forwards the packets from the source address and generates an alarm if the blacklist function is disabled.
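To make the detection rule and the two blacklist behaviours above concrete, here is an added model in Python. It is not Huawei's implementation and not code from this page; it assumes a simplified rule (count the distinct destination ports a source address hits within a one-second window, blacklist the source for the aging time once that count exceeds the maximum rate) and uses the page's defaults of 4000 pps and a 20-minute aging time as its starting values. The packet trace it runs is constructed, and the class and function names are hypothetical.

```python
"""Model of port scan attack defense as described for the USG6000.

Added illustration only, not Huawei's implementation. Assumed rule: per
source address and per one-second window, count distinct destination ports;
once the count exceeds max_rate the source is blacklisted for
blacklist_timeout seconds. Packets from a blacklisted source are dropped if
the blacklist function is enabled, otherwise forwarded after an alarm is
raised at detection time.
"""
from dataclasses import dataclass, field


@dataclass
class Packet:
    t: float        # arrival time in seconds (constructed values)
    proto: str      # only "tcp" and "udp" are inspected
    src: str
    dst_port: int


@dataclass
class PortScanDefense:
    enabled: bool = True
    max_rate: int = 4000                 # page default: 4000 pps
    blacklist_timeout: float = 20 * 60   # page default: 20 minutes, in seconds
    blacklist_enabled: bool = True
    # src -> (window start time, set of destination ports seen in the window)
    _windows: dict = field(default_factory=dict)
    _blacklist: dict = field(default_factory=dict)   # src -> expiry time
    alarms: list = field(default_factory=list)       # (time, src) per detection

    def _is_blacklisted(self, src: str, now: float) -> bool:
        expiry = self._blacklist.get(src)
        if expiry is None:
            return False
        if now >= expiry:
            del self._blacklist[src]   # entry has aged out
            return False
        return True

    def process(self, pkt: Packet) -> str:
        """Return the verdict for one packet: 'forward' or 'drop'."""
        if not self.enabled or pkt.proto not in ("tcp", "udp"):
            return "forward"
        if self._is_blacklisted(pkt.src, pkt.t):
            # blacklisted source: drop, or forward when the blacklist is disabled
            return "drop" if self.blacklist_enabled else "forward"
        start, ports = self._windows.get(pkt.src, (pkt.t, set()))
        if pkt.t - start >= 1.0:
            start, ports = pkt.t, set()   # new one-second window
        ports.add(pkt.dst_port)
        self._windows[pkt.src] = (start, ports)
        if len(ports) > self.max_rate:
            # threshold exceeded: blacklist the source until the aging time
            self._blacklist[pkt.src] = pkt.t + self.blacklist_timeout
            self._windows.pop(pkt.src, None)
            if self.blacklist_enabled:
                return "drop"
            self.alarms.append((pkt.t, pkt.src))
            return "forward"
        return "forward"


def run_trace(max_rate: int, blacklist_enabled: bool, timeout: float = 20 * 60):
    """Run a constructed trace: one host probing max_rate + 2 ports in one
    second, one ordinary client, then the prober again after the aging time."""
    d = PortScanDefense(max_rate=max_rate, blacklist_enabled=blacklist_enabled,
                        blacklist_timeout=timeout)
    verdicts = []
    for i in range(max_rate + 2):
        verdicts.append(d.process(Packet(0.5, "tcp", "10.0.0.9", i + 1)))
    verdicts.append(d.process(Packet(0.6, "tcp", "10.0.0.10", 443)))
    verdicts.append(d.process(Packet(0.6 + timeout + 1, "udp", "10.0.0.9", 53)))
    return d, verdicts


if __name__ == "__main__":
    for flag in (True, False):
        d, v = run_trace(max_rate=10, blacklist_enabled=flag)
        print(f"blacklist enabled={flag}: verdicts={v} alarms={d.alarms}")
```

With the blacklist function enabled, the eleventh probe and everything after it from the same source is dropped until the entry ages out, while the unrelated client is unaffected; with it disabled, every packet is forwarded and a single alarm records the detection.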