i have some strange issues with the ASG's PortScan-Detection. If i start to much applications (skype, icq, irc, thunderbird) in a very short time, the ASG blocks all outgoing traffic from my client for around 5 minutes.
the log's are flooded with entrys like this one:
2011:10:24-19:02:21 asg ulogd[5473]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="eth0" outitf="eth1" srcmac="0:15:aa:bb:cc[:D]d" dstmac="ff:ee[:D]d:cc:bb:aa" srcip="192.168.1.101" dstip="1.2.3.4" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="49816" dstport="80" tcpflags="SYN"
That was a simple HTTP Request, which was blocked by the ASG as portscan ?
This thread was automatically locked due to age.
