Issue Description

The public network accesses the NGAF port through Local ACL deny, but the nmap scan finds that the port is closed, but the client wants the port status to be filtered.

Handling Process

Go to Policies > NAT Check that the DNAT configuration does not use these ports.

Root Cause

NGAF has a reply RST package to the scanner,Then the scanner will think that the port status is filtered.

Solution

After modifying the following configuration, the NGAF will not send TCP Reset message to reject request.