I need a solution
Hello,
I have an network scanner and we do a Vulnerability scan on the random computers. Now as you all know the IPS would block any Port scan attemps for 600 seconds.
So I have added the Scanner IP address to the IPS policy > Excluded Host > IP Address of the Scanner
I have also created a Firewall Rule to Allow all Traffic and Selected the Local/Remote combination to allow all Remote traffic from the Scanner's IP address.
Now when I check the IPS Attack logs I see that the 3 events
1) Active Response: The client will block the IP Address
2) Port Scan: Somebody is scanning your computer
3) Active Response that started at (Date) (Time)is disengaged.
And the scanner is not yeilding the expected results.
Any help would be appriciated.
Thanks,
0