Can I allow-list an IP address against ADP Scan-Detection on USG Flex 500?

Emerald
Emerald Posts: 36  Freshman Member
Afternoon,

We're using ADP Scan-Detection; however, there are network inventory applications on a server within the network that trip this alarm every few hours.

Can we permit this IP at all, please?

crit    adp    ACCESS FORWARD
Rule_id:1 from LAN to Any, [type:Scan-Detection(33)] tcp filtered distributed portscan Action:No Action


I see Security Policy > ADP > allow list.

I have created an object (LAN IP of the server with the issue, then any dest & service) but am still getting alerts.

Any pointers appreciated.


All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,431  Zyxel Employee
    Hi @Emerald,
    The ADP allow list is mainly for Flooding Detection. It is unable to set an IP white list for other ADP items.


  • lalaland
    lalaland Posts: 90  Ally Member
    In general, for ADP attack items, the source IP can be a fake IP. It seems meaningless to whitelist the source in ADP.
