Allow nmap scan of public wan address

Hi,

Using XG v18, how would you allow an external company access to scan your public-facing IP address with nmap for compliance reasons?

We have a list of specific IPs we need to allow access and have tried creating DNAT and firewall rules, but the traffic always gets dropped by rule 0.

This used to work in v17 but with v18 we cannot find a way.

Any help would be greatly appreciated

Thank you



  • Hi,

    Thank you for your reply.

    That is one thing that I had not considered and could well be the answer!

    I will configure this and get the test run again and see if there is any improvement

    Many thanks

  • So using local ACL exception does allow access to scan the few services that are available to add in the ACL exception rule, which is good (HTTPS, VPN, SSL, etc.).

    However, I guess my question is: is there a way to allow an external IP access to scan every port unfiltered on the XG without being denied like this packet capture shows?

    So basically what we would like is for the source IP to have full access to everything unfiltered on the destination IP.

    Is such a thing even possible?

  • FormerMember
    0 FormerMember in reply to Sophos User90

    Hi  

    It is not possible the way you want to scan the XG firewall. If it is for an internal server, you could create a DNAT rule and allow services that you want to scan on the server. 

    Thanks,