IDS rule for NMAP or other scanners

Hello!

Sophos XG doesn't support blocking port scanners, I recommend you to Vote at the current Feature Request in here.

Regex said:

Also can someone explain me whats means source and destination in DDOS SETTINGS ? DOCS which i have found arent helpful:

I think I'm wrong at this one, either way there's not a lot of reasons to use DOS Protection on the Firewall, DDoS attacks should be handled by the upstream provider or routers.

Source = Incoming Traffic.

Destination = Outgoing Traffic.

Hello!

Sophos XG doesn't support blocking port scanners, I recommend you to Vote at the current Feature Request in here.

Regex said:

Also can someone explain me whats means source and destination in DDOS SETTINGS ? DOCS which i have found arent helpful:

I think I'm wrong at this one, either way there's not a lot of reasons to use DOS Protection on the Firewall, DDoS attacks should be handled by the upstream provider or routers.

Source = Incoming Traffic.

Destination = Outgoing Traffic.

Every time im asking about some CRUCIAL features from security prespective Ive got an answer "a roadmap" :D  so thats pity that i cant block most scans  from outside of the network(WAN). but regarding DDOS - Im totally agreee with ya  but i havent found any usefull information(explain) in docs thats why im asing. Btw if i'll set Source: 

Lets say i'll try ping 1.1.1.1 then i can get:

Ive thought also that "Source is from WAN" but im not sure regarding the test which im getting results of.

The Source isn't the WAN, The Source & Destination depends on the flow of the traffic.

If your computer is doing a ping to 1.1.1.1, then your computer is the Source, and the 1.1.1.1 is the destination.

hm... then im wrong. I thought that i can control how some service can reach(ping) me from WAN  how many requests can be respond.