https://live.paloaltonetworks.com/t5/general-topics/pci-compliance-86476-web-server-stopped-responding/m-p/1229337#M124323 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/16234">@cenders</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for info, I am not sure, what method they are using to scan, if they are scanning the network behind your firewall then you have to open the requested ports to pass through the traffic from firewall.</P> <P>Second if they are scanning your firewall exposed Public IPs, then you don't need to do anything.</P> <P>&nbsp;</P> <P>Third if they are scanning firewall itself with logging to firewall then you have to allow the firewall access to there IP's to ssh / https the device for further scanning.</P> Sat, 17 May 2025 00:30:01 GMT mshekh 2025-05-17T00:30:01Z https://live.paloaltonetworks.com/t5/general-topics/pci-compliance-86476-web-server-stopped-responding/m-p/1229275#M124314 <P>First time in years, getting this failed result to a PCI scan.&nbsp;86476 Web Server Stopped Responding.</P> <P>&nbsp;</P> <P>Their tech suggests it has something to do with my PAN WAF/IDS and they have a bunch of IP addresses/ranges that I can whitelist. I find this odd as I've never had to whitelist them before and I've passed many many scans prior to this.</P> <P>&nbsp;</P> <P>How do I whitelist the&nbsp;Sysnet servers from any sort of WAF when they scan my external IP address?</P> <P>&nbsp;</P> <P>Or is this some sort of glitch in their scanner.&nbsp;&nbsp;</P> Fri, 16 May 2025 14:38:23 GMT https://live.paloaltonetworks.com/t5/general-topics/pci-compliance-86476-web-server-stopped-responding/m-p/1229275#M124314 cenders 2025-05-16T14:38:23Z https://live.paloaltonetworks.com/t5/general-topics/pci-compliance-86476-web-server-stopped-responding/m-p/1229337#M124323 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/16234">@cenders</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for info, I am not sure, what method they are using to scan, if they are scanning the network behind your firewall then you have to open the requested ports to pass through the traffic from firewall.</P> <P>Second if they are scanning your firewall exposed Public IPs, then you don't need to do anything.</P> <P>&nbsp;</P> <P>Third if they are scanning firewall itself with logging to firewall then you have to allow the firewall access to there IP's to ssh / https the device for further scanning.</P> Sat, 17 May 2025 00:30:01 GMT https://live.paloaltonetworks.com/t5/general-topics/pci-compliance-86476-web-server-stopped-responding/m-p/1229337#M124323 mshekh 2025-05-17T00:30:01Z https://live.paloaltonetworks.com/t5/general-topics/pci-compliance-86476-web-server-stopped-responding/m-p/1229540#M124340 <P>It is an external scan, scanning the exposed public IP for any vulnerabilities.&nbsp;&nbsp;</P> Tue, 20 May 2025 19:11:43 GMT https://live.paloaltonetworks.com/t5/general-topics/pci-compliance-86476-web-server-stopped-responding/m-p/1229540#M124340 cenders 2025-05-20T19:11:43Z https://live.paloaltonetworks.com/t5/general-topics/pci-compliance-86476-web-server-stopped-responding/m-p/1229567#M124341 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/16234">@cenders</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for info, If public facing IP's are allowed for specific source then you have to add those IP, if you have source any then you don't need to make any config change at your end...</P> Wed, 21 May 2025 02:32:18 GMT https://live.paloaltonetworks.com/t5/general-topics/pci-compliance-86476-web-server-stopped-responding/m-p/1229567#M124341 mshekh 2025-05-21T02:32:18Z