Can I block port scans at my firewall?
Article: TECH78769 | Created: 2001-01-18 | Updated: 2002-01-18 | Article URL: http://www.symantec.com/docs/TECH78769
You want to know whether you can stop a port scan from seeing your firewall (i.e. place the firewall in stealth mode). You do not want the outside world to see which ports the firewall is listening on.
Keywords: block port scan stealth interface filters
You can block port scans at the firewall by using Interface Filters. For more information on this process, see the document "How to enhance the Symantec Enterprise Firewall security with interface filters". However, any port you block or filter out will stop working entirely, even for legitimate outbound traffic.
This is because the Raptor Firewall permits or denies IP packets at the application layer of the OSI model. The firewall interfaces and the operating system need to listen on ports that are in use by the firewall daemons or any Generic Service Passers (GSPs) in order to pass traffic.
NOTE: It is acceptable for the outside world to see what ports the firewall is listening on because the firewall, configured properly, only allows valid traffic. It is not possible to make the firewall invisible (stealth mode) to scans or pings because, for the firewall to work, it needs to listen on the port numbers where it expects traffic.
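The point above can be checked on the loopback interface. The following is an added illustration, not Symantec code and not how the Raptor Firewall or a GSP is implemented: a minimal application-layer pass-through (the role a Generic Service Passer plays) accepts TCP connections on its own socket and forwards what it receives to a constructed echo backend. Because the pass-through must own a listening socket, a single TCP connect attempt completes the handshake and reports the port as open, while a port with no listener answers with a reset. The only way to hide the port is not to listen on it, at which point the service no longer passes traffic. All ports, hostnames and the `probe`/`relay_via_proxy` helpers are assumptions made for this example.

```python
import errno
import socket
import threading

HOST = "127.0.0.1"  # everything runs on loopback; constructed for the example


def _listen() -> socket.socket:
    """Bind a listening socket on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))
    srv.listen(5)
    return srv


def start_echo_backend() -> int:
    """Constructed stand-in for a protected internal server: echoes one message back."""
    srv = _listen()

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
                with conn:
                    data = conn.recv(4096)
                    if data:
                        conn.sendall(data)
            except OSError:
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_proxy(backend_port: int) -> int:
    """Application-layer pass-through: it MUST listen on a port to relay anything,
    which is exactly what a connect probe detects. Hypothetical GSP-like behaviour."""
    srv = _listen()

    def handle(conn: socket.socket) -> None:
        with conn, socket.create_connection((HOST, backend_port), timeout=2) as up:
            data = conn.recv(4096)
            if not data:
                return
            up.sendall(data)              # forward the client's request inward
            conn.sendall(up.recv(4096))   # and the backend's answer outward

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            try:
                handle(conn)
            except OSError:
                pass  # client went away mid-relay; keep serving others

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def unused_port() -> int:
    """Pick a loopback port that nothing is listening on (bind, read, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]


def probe(port: int, timeout: float = 1.0) -> str:
    """What one TCP connect attempt learns about a port: 'open' (handshake completed),
    'closed' (reset, nothing listening) or 'no answer' (packets dropped/timed out)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            rc = s.connect_ex((HOST, port))
        except (socket.timeout, OSError):
            return "no answer"
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    return "no answer"


def relay_via_proxy(proxy_port: int, payload: bytes) -> bytes:
    """Legitimate use of the listening port: send through the pass-through and read the reply."""
    with socket.create_connection((HOST, proxy_port), timeout=2) as c:
        c.sendall(payload)
        return c.recv(4096)


if __name__ == "__main__":
    backend = start_echo_backend()
    proxy = start_proxy(backend)
    print("proxy port:", probe(proxy), "| unused port:", probe(unused_port()))
    print("relayed:", relay_via_proxy(proxy, b"hello"))
```

Running it shows the listening pass-through port as "open" and an unbound port as "closed"; dropping the SYNs with an interface filter would turn "open" into "no answer", but `relay_via_proxy` would then time out too, which is the trade-off the article describes.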