how to block NMAP lan2lan traffic ?

Ceccus
Ceccus Posts: 30  Freshman Member
First Comment Friend Collector Fifth Anniversary

Hi,

My configuration : ATP500

how to block NMAP lan2lan traffic ?

Thank you for any answers

Accepted Solution

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,204  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @Ceccus,

    If you're looking to block NMAP scans from clients on a different subnet, you can set up an ADP profile and policy on your ATP500 firewall by navigating to CONFIGURATION > Security Policy > ADP.

    However, if the NMAP scans are originating from the same subnet, blocking them through the firewall alone is not possible. Since NMAP packets operate at Layer 2, the firewall's UTM functions (which operate at Layer 3) won't be able to block them, as the packets are forwarded directly through the switch chip in firewall.

    For Layer 2 security, you can follow @PeterUK's suggestion to enable Intra-BSS Traffic blocking on your access points, and additionally, configure Layer 2 isolation on your switch to prevent communication between clients within the same network.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

All Replies

  • PeterUK
    PeterUK Posts: 3,460  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
  • Ceccus
    Ceccus Posts: 30  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Hi,

    Thank you for your reply.
    I don't want the NMAP download. I want to block NMAP L2L traffic with the ATP500 Zyxel firewall.

    D.

  • PeterUK
    PeterUK Posts: 3,460  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited September 26

    So you want to stop port and arp scanning on the LAN?

    Or LAN devices to be isolated from one another?

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,204  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @Ceccus ,

    Could you please provide more details about the type of NMAP scan you'd like to block? This will help us better understand the situation and offer more specific guidance.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Ceccus
    Ceccus Posts: 30  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Hi
    Thank you for your reply.
    For example, I would like to block the execution of this command :

    nmap -T4 -A -v 192.168.2.1/24

    Thanks again

    D.

  • PeterUK
    PeterUK Posts: 3,460  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited September 26

    You can't stop a device that does a command so you have a untrusted user on your network the USG can not see the device running this command unless you have something installed to detect it.

    If the device scans a subnet on a switch the USG is not involved unless you setup a proxy ARP setup to have all devices run by it of the traffic that is sent it or have a switch with isolation option

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,204  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @Ceccus

    Is 192.168.2.1 the IP address of the ATP500's LAN gateway, and are you looking to prevent clients within the 192.168.2.X range from scanning the gateway IP?

    Could you also share more details on why you want to block this scan? For example, are frequent NMAP scans affecting the performance of your internal network? If the goal is to block a specific client from running NMAP scans, you can configure a security policy to block traffic from that client's IP.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Ceccus
    Ceccus Posts: 30  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Hi Key
    Thank you for your reply.
    Yes the IP address of the ATP500 is 192.168.2.1
    The objective is to block NMAP scans within the 192.168.2.1/24 LAN made by any client because they could be malicious.
    The network currently consists of about 40 clients connected via Wi-Fi, a Zyxel GS1900-8HPV2 switch, 6 Zyxel NWA110AX APs and the ATP500.

  • PeterUK
    PeterUK Posts: 3,460  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    On the AP you can Enable Intra-BSS Traffic blocking.

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,204  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @Ceccus,

    If you're looking to block NMAP scans from clients on a different subnet, you can set up an ADP profile and policy on your ATP500 firewall by navigating to CONFIGURATION > Security Policy > ADP.

    However, if the NMAP scans are originating from the same subnet, blocking them through the firewall alone is not possible. Since NMAP packets operate at Layer 2, the firewall's UTM functions (which operate at Layer 3) won't be able to block them, as the packets are forwarded directly through the switch chip in firewall.

    For Layer 2 security, you can follow @PeterUK's suggestion to enable Intra-BSS Traffic blocking on your access points, and additionally, configure Layer 2 isolation on your switch to prevent communication between clients within the same network.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Security Highlight