Hi,
I have 2 FTD 2140 (version 6.3.0) managed by FMC 6.4.0.4 (build 34).
i have several portscan (PSNG_TCP_PORTSCAN (122:1:1)) intrusion events and i have tried to block them using the IPS rules (drop and generate events for this attack), NAP policy (enabling portscan preproccessor) and an ACP (activating NAP policy and applying the IPS policy to the correct rule), but i still got the "would have dropped" on the inline result, so they are recognized but not blocked.
So my question is, does anybody have achieved to block a portscan attack on FMC?..
best regards,
Juan Pablo