Can i Allow list a IP addredd against ADP Scan-Detection on USG FLex 500?

Emerald
Emerald Posts: 36  Freshman Member
First Comment Fifth Anniversary
Afternoon,

were using ADP Scan-Detection, however there are network inventory applications on a server within the network that trips this alarm every few hours.

Can we permit this IP at all please ?

crit                adp                    ACCESS FORWARD                                 

     Rule_id:1 from LAN to Any, [type:Scan-Detection(33)] tcp filtered distributed portscan Action:No Action


I see Security Policy > ADP > allow list

have created a object (lan ip of the server with issue) then any dest & serivice) but still getting alerts

Any pointers apreciated


All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @Emerald,
    ADP Allow list is mainly for Flooding Detection. It is unable to set IP white list for other ADP items.


  • lalaland
    lalaland Posts: 91  Ally Member
    First Answer First Comment Friend Collector Sixth Anniversary
    In general ADP attack items, source IP can be fake IP. it seems meaningless to whitelisting source in ADP.

Security Highlight