Configuring port scan attack defense using the CLI for the USG2000&5000 series

The USG2000&5000 series supports configuring port scan attack defense using the CLI.

1. Run the firewall defend port-scan enable command to enable port scan attack defense.
By default, port scan attack defense is disabled.
2. Run the firewall defend port-scan max-rate max-rate-number command to set the detection threshold, in packets per second, above which packets from one source IP address to different destination ports are treated as a port scan.
The default threshold is 4000 pps.
3. Run the firewall defend port-scan blacklist-timeout interval command to set the aging time of blacklist entries created by port scan attack defense.
The default blacklist aging time is 20 minutes.
4. Run the firewall blacklist enable command to enable the blacklist function. Without this step a detected scanner is blacklisted and an alarm is generated, but its packets are still forwarded.
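A complete session that applies the four steps, added here as an illustration rather than taken from the product documentation. The device name USG, the threshold of 2000 pps, the 30-minute aging time, and the use of system-view and the display firewall defend flag and display firewall blacklist item commands to verify the result are assumptions; only the four commands in the procedure above are given by this page.

```text
# Enter system view (assumed VRP prompt and device name)
<USG> system-view

# Step 1: enable port scan attack defense (disabled by default)
[USG] firewall defend port-scan enable

# Step 2: lower the detection threshold from the 4000 pps default to 2000 pps
#         (packets per second from one source to different destination ports)
[USG] firewall defend port-scan max-rate 2000

# Step 3: keep a detected scanner on the blacklist for 30 minutes instead of 20
[USG] firewall defend port-scan blacklist-timeout 30

# Step 4: enable the blacklist so that blacklisted sources are actually dropped;
#         without this the USG only raises an alarm and still forwards the packets
[USG] firewall blacklist enable

# Verification (assumed display commands): confirm the defense flag is set and,
# after a scan has been detected, that the source appears as a blacklist entry
[USG] display firewall defend flag
[USG] display firewall blacklist item
```

When tuning max-rate, test against legitimate traffic first: a busy proxy, NAT gateway or vulnerability scanner that the organisation runs on purpose can legitimately reach many destination ports per second from one address and would be blacklisted for the full aging interval.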

After port scan attack defense is enabled, the USG inspects received TCP and UDP packets. If the number of packets per second from one source IP address to different destination ports exceeds the threshold, the USG concludes that the host at that address is launching a port scan, adds the address to the blacklist, and handles its packets as follows:
If the blacklist function is enabled, the USG discards the packets from this IP address.
If the blacklist function is disabled, the USG generates an alarm but does not discard the packets.