This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Whitelisting for PCI ASV Scan

Currently I could find no articles on the preferred method for Whitelisting a PCI ASV Scanner on the XG Firewall, given the number of businesses that are PCI compliant I would think there would be a general tutorial that outlines how to add the scanners IP's, where to place them in the firewall rules and how other rules and or aspects may also affect the outcome.

This thread was automatically locked due to age.

0 FloSupport over 3 years ago

Hi Badrobot

Thank you for reaching out to submit your idea!

I'll forward this over to our KBA team for their consideration.

Regards,

Florentino
Director, Global Community & Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the 'Verify Answer' button.

The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Badrobot over 3 years ago

I should add that you need to create a new firewall rule for the scanners IP addresses or FQDN, disable all security measures and place it at the top of the rule list.

If you do not do this scanners may flag you for firewall interference, see https://www.tenable.com/plugins/nessus/96281 once this was flagged Tenable would not pass the PCI attestation.

Respectfully,

Badrobot
Cancel
Vote Up 0 Vote Down

Cancel