This is an issue I've constantly come across when trying to scan Windows Server hosts: our scanning profile always seems to identify port-filtering/firewalls, yet configurations on the Windows host and firewall have inbound any-any rules for our appliances. There can be a few devices that sit between our scanning engines and hosts, so it can be difficult to identify the origin of the port-filtering.
I guess my question is one of two:
- Apart from these requirements, are there any other requirements for Windows Servers?
- If not: is there a way for Qualys to identify the origin of the port-filtering? i.e. if the rules on the host do not filter traffic, can Qualys identify the intermediate device that would be causing the results?