This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Whitelisting for PCI ASV Scan

Currently I could find no articles on the preferred method for Whitelisting a PCI ASV Scanner on the XG Firewall, given the number of businesses that are PCI compliant I would think there would be a general tutorial that outlines how to add the scanners IP's, where to place them in the firewall rules and how other rules and or aspects may also affect the outcome.

This thread was automatically locked due to age.

Parents

0 Badrobot over 3 years ago

I should add that you need to create a new firewall rule for the scanners IP addresses or FQDN, disable all security measures and place it at the top of the rule list.

If you do not do this scanners may flag you for firewall interference, see https://www.tenable.com/plugins/nessus/96281 once this was flagged Tenable would not pass the PCI attestation.

Respectfully,

Badrobot
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Badrobot over 3 years ago

I should add that you need to create a new firewall rule for the scanners IP addresses or FQDN, disable all security measures and place it at the top of the rule list.

If you do not do this scanners may flag you for firewall interference, see https://www.tenable.com/plugins/nessus/96281 once this was flagged Tenable would not pass the PCI attestation.

Respectfully,

Badrobot
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data