> I am trying to remotely scan one of my networks and it gets about 10-15
> ports through the port scan and the watchguard firewall "temporarily" blocks
> me. GRRR! Then my VPN is useless until I reboot the firebox. (which requires
> a phonecall...again to a now "pissed off" onsiter!!)

Generally speaking, you should NOT scan through a firewall, or, as in the case of a SOHO firewall, that SOHO firewall will block you due to any number of conditions:

A) you just filled up the state table (SOHO fw might only hold 2000 connections)
B) you triggered any number of 'auto block' conditions in the FW (port scan, 'ping scan', POD, arp spoof, etc)

>
> Is there a way to quieten the scan or allow me access on the firebox setup?
> I have admin rights everywhere so I dunno what the hell I'm doin wrong!!

Put the Nessus SERVER on the far end of the firewall.

Use nmap for the port scan, set its timing to paranoid, and in scan options, only scan one computer at a time, one scan in parallel, and use safe mode.

If that doesn't help, like I said, put Nessus at the other end of the firewall.

--
Michael Scheidell
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
