how to block NMAP lan2lan traffic ?

Ceccus

Ceccus Posts: 30

Freshman Member

First Comment

Friend Collector

Fifth Anniversary

September 25 in Security

Hi,

My configuration : ATP500

how to block NMAP lan2lan traffic ?

Thank you for any answers

0

Accepted Solution

Zyxel_Kay Posts: 1,103 Zyxel Employee

October 1 Answer ✓

Hi @Ceccus,
If you're looking to block NMAP scans from clients on a different subnet, you can set up an ADP profile and policy on your ATP500 firewall by navigating to CONFIGURATION > Security Policy > ADP.
However, if the NMAP scans are originating from the same subnet, blocking them through the firewall alone is not possible. Since NMAP packets operate at Layer 2, the firewall's UTM functions (which operate at Layer 3) won't be able to block them, as the packets are forwarded directly through the switch chip in firewall.
For Layer 2 security, you can follow @PeterUK's suggestion to enable Intra-BSS Traffic blocking on your access points, and additionally, configure Layer 2 isolation on your switch to prevent communication between clients within the same network.

Kay

Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0

All Replies

PeterUK Posts: 3,389 Guru Member

September 25

Not sure what you mean
Download the Free Nmap Security Scanner for Linux/Mac/Windows

0
Ceccus Posts: 30 Freshman Member

September 25

Hi,
Thank you for your reply.
I don't want the NMAP download. I want to block NMAP L2L traffic with the ATP500 Zyxel firewall.
D.

0
PeterUK Posts: 3,389 Guru Member

September 26 edited September 26

So you want to stop port and arp scanning on the LAN?
Or LAN devices to be isolated from one another?

0
Zyxel_Kay Posts: 1,103 Zyxel Employee

September 26

Hi @Ceccus ,
Could you please provide more details about the type of NMAP scan you'd like to block? This will help us better understand the situation and offer more specific guidance.

Kay

Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0
Ceccus Posts: 30 Freshman Member

September 26

Hi
Thank you for your reply.
For example, I would like to block the execution of this command :
nmap -T4 -A -v 192.168.2.1/24
Thanks again
D.

0
PeterUK Posts: 3,389 Guru Member

September 26 edited September 26

You can't stop a device that does a command so you have a untrusted user on your network the USG can not see the device running this command unless you have something installed to detect it.
If the device scans a subnet on a switch the USG is not involved unless you setup a proxy ARP setup to have all devices run by it of the traffic that is sent it or have a switch with isolation option

0
Zyxel_Kay Posts: 1,103 Zyxel Employee

September 27

Hi @Ceccus
Is 192.168.2.1 the IP address of the ATP500's LAN gateway, and are you looking to prevent clients within the 192.168.2.X range from scanning the gateway IP?
Could you also share more details on why you want to block this scan? For example, are frequent NMAP scans affecting the performance of your internal network? If the goal is to block a specific client from running NMAP scans, you can configure a security policy to block traffic from that client's IP.

Kay

Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0
Ceccus Posts: 30 Freshman Member

September 27

Hi Key
Thank you for your reply.
Yes the IP address of the ATP500 is 192.168.2.1
The objective is to block NMAP scans within the 192.168.2.1/24 LAN made by any client because they could be malicious.
The network currently consists of about 40 clients connected via Wi-Fi, a Zyxel GS1900-8HPV2 switch, 6 Zyxel NWA110AX APs and the ATP500.

0
PeterUK Posts: 3,389 Guru Member

September 27

On the AP you can Enable Intra-BSS Traffic blocking.

1
Zyxel_Kay Posts: 1,103 Zyxel Employee

October 1 Answer ✓

Hi @Ceccus,
If you're looking to block NMAP scans from clients on a different subnet, you can set up an ADP profile and policy on your ATP500 firewall by navigating to CONFIGURATION > Security Policy > ADP.
However, if the NMAP scans are originating from the same subnet, blocking them through the firewall alone is not possible. Since NMAP packets operate at Layer 2, the firewall's UTM functions (which operate at Layer 3) won't be able to block them, as the packets are forwarded directly through the switch chip in firewall.
For Layer 2 security, you can follow @PeterUK's suggestion to enable Intra-BSS Traffic blocking on your access points, and additionally, configure Layer 2 isolation on your switch to prevent communication between clients within the same network.

Kay

Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0

Security Highlight

Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文（台灣）