https://community.sophos.com/utm-firewall/f/network-protection-firewall-nat-qos-ips/99840/portscan-notificationsThis may be a little tough to answer, but a question.... So I have as Rule #1 in my firewall to DROP all connections Incoming/Outgoing if it is in an ip address range/network/etc. as a first line of defense. I then receive notifications about a portscanen-USTelligent Community 12https://community.sophos.com/thread/362805?ContentTypeID=1Wed, 24 Jan 2018 13:46:50 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:540b5e4d-0881-49e6-9608-17b602a6baf1BAlfson<p>Z, take a look at #2 in <a href="/products/unified-threat-management/f/general-discussion/22065/rulz">Rulz</a>.</p> <p>Cheers - Bob</p><div style="clear:both;"></div>https://community.sophos.com/thread/362694?ContentTypeID=1Tue, 23 Jan 2018 14:31:48 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:b875d651-d67a-4578-85f3-dee3db3385aeAlexander Busch<p>[quote user=&quot;zburns&quot;]I&#39;ve also thought about an auto-block - but that scared me a little bit.  You could create an issue real quick by scanning yourself.  :-)</p> <p>[/quote]</p> <p>Make an exception for your internal lan.</p><div style="clear:both;"></div>https://community.sophos.com/thread/362681?ContentTypeID=1Tue, 23 Jan 2018 12:37:55 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:ab0e1c16-b8c1-4729-8d8a-9abf336475a5zburns<p>I&#39;ve also thought about an auto-block - but that scared me a little bit.&nbsp; You could create an issue real quick by scanning yourself.&nbsp; :-)</p><div style="clear:both;"></div>https://community.sophos.com/thread/362679?ContentTypeID=1Tue, 23 Jan 2018 12:22:50 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:72bc8b48-45f5-4308-a463-f49a85ede3f4Alexander Busch<p>Maybe this one is interessting <a href="https://community.sophos.com/kb/en-us/115153">community.sophos.com/.../115153</a> </p> <p>So a connection attempt is already enough I think. It seems the attempt is already be counted in front of the manual firewall rules.</p> <p>Best</p> <p>Alex</p> <p>PS A nice feature of UTM would be automaticly block IPs which triggered IPS for example. </p><div style="clear:both;"></div>