Hello,
it happens that when a guest surfs on the web I get a long series of portscan in logs, such as this entry:
2011:11:11-09:58:17 MYFIREWALL ulogd[4917]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="wlan0" outitf="eth1" srcmac="xx.xx.xx.xx.xx" dstmac="yy.yy.yy.yy.yy" srcip="IPWLAN" dstip="209.170.97.238" proto="17" length="73" tos="0x00" prec="0x00" ttl="127" srcport="2387" dstport="3478"
The guest network uses transparent mode, the pf rules allows to use web surfing ports. Any ideas why the activity of these clients are seen as portscan?
Thanks
EDIT: I thought that it could be a misconfiguration on proxy.pac, but also disabling autodiscovery in IE I get always this errors...
EDIT2: The strangeness is that in IPS Global Settings - Local networks - I don't have Guest network (because I don't want to protect it). So it should not be monitored... [:$]
This thread was automatically locked due to age.