Palo Alto PAN Firewall Port Scanning Techniques

Question asked by Chris Doucette on Mar 22, 2016
Latest reply on Mar 23, 2016

We have Qualys scanning / monitoring a range of IPs that are NATs on our PAN. The appropriate Qualys IP ranges are white-listed. The problem we are encountering is that the PAN is designed to thwart fingering via port scanning. One such countermeasure is that the PAN reports ALL (or many random) ports being open on any particular host being scanned. This behavior, though great for its intended purpose, leaves me with erroneous information.


Has anyone encountered this?  If so, are there any scanning configurations you have found to work with PANs well?