08-01-2017 08:37 AM
Hi all,
Looking for some feedback from anyone else who has run into this issue before.
Basically, we have zone protection set up for our Wi-Fi and ResNet security zones. Included in this zone protection is a block-ip rule for port scanning. We've received a request to allow client devices on these networks to reach a server using a specific piece of software, and that software, by default, does a port scan... I'm guessing to identify which ports the server is set up to use. My security logs show the traffic is allowed, but with tcp-rst-from-server on the attempts. If I go and look at the threat logs on the firewalls (instead of Panorama), I'm seeing block-ip happening due to the port scan.
Is there a way around this that anyone has come up with, besides disabling port scan protection? The simplest thing to do would be to put in an exception for that specific destination IP, but it looks like exceptions are currently source-IP-based only. I would not know the source IP addresses for these clients, since it is DHCP and we wouldn't be doing reservations for them.
Thanks!
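One way to confirm what the post describes (traffic log says "allow" with tcp-rst-from-server, while the threat log shows a scan block-ip for the same client) is to correlate the two logs per source. This is an added example, not from the original post or from Palo Alto Networks; the log records are constructed in a simplified key=value form rather than real PAN-OS CSV fields, and the server address, client addresses and 30-second window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records (simplified, not real PAN-OS log lines):
# one DHCP client probes several ports on the server and every session ends
# with tcp-rst-from-server; another client connects normally.
TRAFFIC_LOG = """\
time=2017-08-01T08:30:01 src=10.20.1.15 dst=192.0.2.10 dport=443 action=allow reason=tcp-rst-from-server
time=2017-08-01T08:30:01 src=10.20.1.15 dst=192.0.2.10 dport=8080 action=allow reason=tcp-rst-from-server
time=2017-08-01T08:30:02 src=10.20.1.15 dst=192.0.2.10 dport=9000 action=allow reason=tcp-rst-from-server
time=2017-08-01T08:31:10 src=10.20.1.40 dst=192.0.2.10 dport=443 action=allow reason=tcp-fin
"""
# Constructed threat-log record for the zone protection scan rule.
THREAT_LOG = """\
time=2017-08-01T08:30:01 src=10.20.1.15 dst=192.0.2.10 type=scan name=TCP-Port-Scan action=block-ip
"""


def parse(text):
    """Parse key=value records into dicts, converting the timestamp."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(kv.split("=", 1) for kv in line.split())
        rec["time"] = datetime.fromisoformat(rec["time"])
        rows.append(rec)
    return rows


def blocked_scanners(traffic, threats, server, window=timedelta(seconds=30)):
    """Map each source that received a scan block-ip for `server` to the
    destination ports it touched in sessions that were reset by the firewall
    within `window` of the block. Sources with no matching resets are omitted."""
    blocks = [t for t in threats
              if t["dst"] == server and t.get("type") == "scan"
              and t["action"] == "block-ip"]
    result = {}
    for b in blocks:
        ports = set()
        for s in traffic:
            if (s["src"] == b["src"] and s["dst"] == server
                    and s.get("reason") == "tcp-rst-from-server"
                    and abs(s["time"] - b["time"]) <= window):
                ports.add(int(s["dport"]))
        if ports:
            result[b["src"]] = {"ports": sorted(ports),
                                "block_time": b["time"].isoformat()}
    return result


if __name__ == "__main__":
    for src, info in blocked_scanners(parse(TRAFFIC_LOG), parse(THREAT_LOG), "192.0.2.10").items():
        print(f"{src} blocked at {info['block_time']} after probing ports {info['ports']}")
```

The per-source port list is the evidence to weigh against the scan rule's settings; the client that connected normally (10.20.1.40) does not appear.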