Nessus scan intermittently blocked
-
Hi
Need help with a Nessus scan issue with pfSense. I am using the latest pfSense version. When performing a port scan with Nessus (Host Discovery), out of 40 identical scans only 15 are able to go through and detect the hosts to scan. In the scan configuration there are 2 target hosts: one host is on the Internet and the other is localhost (Nessus) itself. In all scans localhost is detected, but in only 15 of the 40 scans is the Internet host detected. The firewall rule is allow all for outbound from Nessus. I have logged a case with Tenable and they confirmed it is a firewall issue. The strange thing is that an nmap scan from the Nessus host does not have the same problem; all nmap scans detect the Internet host.
Please help.
-
What are your Nessus discovery settings?
When you say only some are able to go through, what are the symptoms you see of this? Do you know for certain that the internet host is online, and not blocking your requests?
Have you checked the firewall logs during the time a scan is run? If not, it'd be a good idea. I run a Nessus scan out to an internet host daily and haven't had any problems (except for the passes being logged even though I have rule entries to not log... which is why I'm here).