I'm having an issue with my desktop/workstation scan running long/cancelling, and it appears to be tied to the inclusion of port 443 in my scan profile. Any guidance/info would be greatly appreciated.
Jamie, it is likely the firewall that is causing the issue. Next-generation firewalls are usually configured to perform deep packet inspection of HTTP(S) traffic. This increases your scan time and may even lead to the firewall blocking scan traffic.
Are you able to fully whitelist the scanner appliance IP address and try again?
You may find that a firewall, ACL, WAF or scanning across VLANs may be interfering with your scan's performance.
I highly suggest visiting Scanning Strategies and Best Practices on Vimeo, as you may find the exact answer you are looking for in our online self-paced training video collection.
Below, you will find my personal preferences for client endpoint scan option profile customization.
Thank you very much for your response. I haven't checked the "Ignore firewall-generated TCP SYN-ACK packets" option. Could that be tying down my (large) workstation scan?
Jamie, can you share some more details?
Is this happening only for a specific device or a bunch of them? Is the device sitting behind a filtering device like a firewall? How were you able to identify that port 443 is causing the issue?
It's only a problem when scanning a workstation asset group. The reason I believe it's that port is because the problem started after I noticed that 443 wasn't included on the scan profile and changed that. Nothing else changed as far as I can tell (such as firewall rules, etc.). The scan is hitting assets, it seems as if it is just taking too long--and eventually timing out/cancelling. Thank you for your feedback.
Thank you, Shyam