Port scanning from trusted to external: exclude from monitoring

I have a branch office with an XTM21 (but this could also happen with newer models) where PCs are randomly put in blocked sites list with reason "Port scanning".
It happens rarely (say once every couple of months), so it's really hard to track.
I suspect that this has something to do with a printer monitoring software or something similar, but I can't tell for sure.
I also tried to run a packet capturing tool, but due to the randomness of the issue I've not been able to identify the process that is causing this.

It would be fine for me to disable port scanning checks for traffic that originates from the trusted network, while I would like to keep in place checks for traffic from external.

Is there a way to do this? The only setting I found for port scan is in "Default packet handling" and seems to be related to every kind of traffic.

Thank you!

Comments

Sign In to comment.