how to block NMAP lan2lan traffic ?

Ceccus
Ceccus Posts: 30  Freshman Member

Hi,

My configuration: ATP500

how to block NMAP lan2lan traffic ?

Thank you for any answers

Accepted Solution

  • Zyxel_Kay
    Zyxel_Kay Posts: 995  Zyxel Employee
    Answer ✓

    Hi @Ceccus,

    If you're looking to block NMAP scans from clients on a different subnet, you can set up an ADP profile and policy on your ATP500 firewall by navigating to CONFIGURATION > Security Policy > ADP.

    However, if the NMAP scans are originating from the same subnet, blocking them through the firewall alone is not possible. Since NMAP packets operate at Layer 2, the firewall's UTM functions (which operate at Layer 3) won't be able to block them, as the packets are forwarded directly through the switch chip in the firewall.

    For Layer 2 security, you can follow @PeterUK's suggestion to enable Intra-BSS Traffic blocking on your access points, and additionally, configure Layer 2 isolation on your switch to prevent communication between clients within the same network.

    Kay


All Replies

  • PeterUK
    PeterUK Posts: 3,318  Guru Member
  • Ceccus
    Ceccus Posts: 30  Freshman Member

    Hi,

    Thank you for your reply.
    I don't want the NMAP download. I want to block NMAP L2L traffic with the ATP500 Zyxel firewall.

    D.

  • PeterUK
    PeterUK Posts: 3,318  Guru Member
    edited September 26

    So you want to stop port and arp scanning on the LAN?

    Or LAN devices to be isolated from one another?

  • Zyxel_Kay
    Zyxel_Kay Posts: 995  Zyxel Employee

    Hi @Ceccus,

    Could you please provide more details about the type of NMAP scan you'd like to block? This will help us better understand the situation and offer more specific guidance.

    Kay


  • Ceccus
    Ceccus Posts: 30  Freshman Member

    Hi,
    Thank you for your reply.
    For example, I would like to block the execution of this command:

    nmap -T4 -A -v 192.168.2.1/24

    Thanks again

    D.

  • PeterUK
    PeterUK Posts: 3,318  Guru Member
    edited September 26

    You can't stop a device from running a command, so you have an untrusted user on your network; the USG cannot see the device running this command unless you have something installed to detect it.

    If the device scans a subnet on a switch, the USG is not involved unless you set up a proxy ARP setup so that all traffic the devices send goes through it, or have a switch with an isolation option.
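
PeterUK's point above is that a gateway firewall cannot see a scan between two hosts on the same switched subnet, so detection has to come from something on the segment itself. As an added example (not code from the thread or from Zyxel), here is a small Python detector that reads connection records assumed to come from a host sensor or a switch mirror port and flags the fan-out pattern of `nmap -A 192.168.2.1/24`: many ports on one host, or many hosts on one port. The record format, thresholds and sample addresses are assumptions.

```python
# Added example, not from the thread or Zyxel: flag nmap-style scans in
# connection records gathered ON the LAN segment (host sensor or switch SPAN
# port), since a gateway firewall never sees same-subnet traffic.
from collections import defaultdict
from datetime import datetime, timedelta


def parse_records(text):
    """Parse 'ISO-timestamp src dst dport' lines (a constructed format)."""
    recs = []
    for line in text.strip().splitlines():
        ts, src, dst, dport = line.split()
        recs.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return recs


def detect_scans(records, window=timedelta(seconds=60),
                 port_threshold=15, host_threshold=10):
    """Return {src: reason} for sources whose fan-out inside any sliding
    `window` crosses a threshold: many ports on one host (vertical scan) or
    many hosts (horizontal sweep). Input order does not matter."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in records:
        by_src[src].append((ts, dst, dport))
    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        for i, (t0, _, _) in enumerate(evs):
            ports = defaultdict(set)  # dst host -> ports touched in window
            for ts, dst, dport in evs[i:]:
                if ts - t0 > window:
                    break
                ports[dst].add(dport)
            busiest = max(len(p) for p in ports.values())
            if len(ports) >= host_threshold:
                alerts[src] = f"horizontal sweep: {len(ports)} hosts"
            elif busiest >= port_threshold:
                alerts[src] = f"vertical scan: {busiest} ports on one host"
            if src in alerts:
                break
    return alerts


def constructed_sample():
    """Constructed records (not captured data): .50 probes the gateway's ports,
    .51 sweeps port 445 across the /24, .60 is ordinary periodic traffic."""
    t0 = datetime(2024, 9, 26, 10, 0, 0)
    row = lambda s, src, dst, p: f"{(t0 + timedelta(seconds=s)).isoformat()} {src} {dst} {p}"
    lines = [row(i, "192.168.2.50", "192.168.2.1", p) for i, p in enumerate(range(20, 40))]
    lines += [row(i, "192.168.2.51", f"192.168.2.{h}", 445) for i, h in enumerate(range(2, 14))]
    lines += [row(60 * i, "192.168.2.60", "192.168.2.1", 443) for i in range(5)]
    return "\n".join(lines)
```

Run `detect_scans(parse_records(constructed_sample()))` to see the two scanning hosts flagged while the periodic HTTPS client stays quiet; tune the thresholds to the segment's normal fan-out before alerting on real records.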

  • Zyxel_Kay
    Zyxel_Kay Posts: 995  Zyxel Employee

    Hi @Ceccus

    Is 192.168.2.1 the IP address of the ATP500's LAN gateway, and are you looking to prevent clients within the 192.168.2.X range from scanning the gateway IP?

    Could you also share more details on why you want to block this scan? For example, are frequent NMAP scans affecting the performance of your internal network? If the goal is to block a specific client from running NMAP scans, you can configure a security policy to block traffic from that client's IP.

    Kay


  • Ceccus
    Ceccus Posts: 30  Freshman Member

    Hi Kay,
    Thank you for your reply.
    Yes, the IP address of the ATP500 is 192.168.2.1.
    The objective is to block NMAP scans within the 192.168.2.1/24 LAN made by any client because they could be malicious.
    The network currently consists of about 40 clients connected via Wi-Fi, a Zyxel GS1900-8HPV2 switch, 6 Zyxel NWA110AX APs and the ATP500.

  • PeterUK
    PeterUK Posts: 3,318  Guru Member

    On the AP you can Enable Intra-BSS Traffic blocking.

