Description: To decrease false positives, you can ignore Port Scan traffic from known traffic sources (such as internal scanners) and still receive other connection attempts : SSH, Telnet, SMB access...
Follow the steps below to add an ignore for known Port Scan traffic from specific Source IPs to the ignore list on your Console:
Log in to your Console.
Click on the Gear Icon and then Global Settings.
Click on Ignored IPs and Ports and then enable Ignored IPs and Ports from the menu.
There are a few different options when it comes to ignoring Port Scan activity
- Comments can be added to help organise the list.
- Ignore based on single IP Addresses and Port Scan activity.
- Ignore a range of IP Addresses and Port Scan activity.
- Multiple IP's can be separated by commas ( , )
- A wildcard ( * ) can be used on the last byte.
- Additional Ports can be added and separated by commas ( , )