Currently I could find no articles on the preferred method for Whitelisting a PCI ASV Scanner on the XG Firewall, given the number of businesses that are PCI compliant I would think there would be a general tutorial that outlines how to add the scanners IP's, where to place them in the firewall rules and how other rules and or aspects may also affect the outcome.
Hi Badrobot
Thank you for reaching out to submit your idea!
I'll forward this over to our KBA team for their consideration.
Regards,
I should add that you need to create a new firewall rule for the scanners IP addresses or FQDN, disable all security measures and place it at the top of the rule list.
If you do not do this scanners may flag you for firewall interference, see https://www.tenable.com/plugins/nessus/96281 once this was flagged Tenable would not pass the PCI attestation.
Respectfully,
Badrobot