Hello, we need to know if McAfee Foundstone (Vulnerability Manager) 7.0 and/or 7.5 (7.x) Standalone can scan a net outside of it, passing through a firewall, like that.
We don't recommend it but yes we can scan through a firewall as long as the firewall is configured to pass all traffic.
Manager WW Tier III Support Risk & Compliance
Security Management Business Unit
We are using MVM 7.5 to scan through firewalls - it works as expected.
The firewall needs to be configured so that MVM traffic is allowed "unaltered" (no proxy or NAT).
It will work if you do as jhaynes proposes to "allow all traffic" - but to me it's a bit drastic.
Our setup works with only the ports listed in the KB below opened.
To check if things are correctly set up in the firewall, just try to do a quick asset scan.
If MVM returns assets on all IP addresses and maybe two assets for "live" addresses, you have not configured the firewall correctly.
BTW we are using McAfee Enterprise firewall.
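The quick asset scan check described in the post above, written out as an added example (it is not part of any poster's message and is not McAfee code). The `(ip, asset_id)` row layout, the sample data and the function name `check_discovery` are assumptions made for illustration, and "two assets for live addresses" is read here as one IP appearing under more than one asset record.

```python
import ipaddress
from collections import Counter

# Constructed sample data: (ip, asset_id) pairs as they might be copied out of
# a quick asset scan result. The layout is an assumption, not an MVM export format.
HEALTHY = [("192.0.2.3", "a1"), ("192.0.2.7", "a2"), ("192.0.2.12", "a3")]
# Every host address in the /28 "answers", and two addresses show up twice.
SUSPECT = [(f"192.0.2.{i}", f"b{i}") for i in range(1, 15)] + [
    ("192.0.2.5", "dup-5"),
    ("192.0.2.9", "dup-9"),
]


def check_discovery(cidr, rows):
    """Apply the two symptoms from the post to one scanned range."""
    net = ipaddress.ip_network(cidr)
    expected = {str(host) for host in net.hosts()}
    # Count asset records per address, ignoring rows outside the scanned range.
    per_ip = Counter(ip for ip, _asset in rows if ip in expected)
    all_answer = len(per_ip) == len(expected)
    duplicates = sorted(
        (ip for ip, count in per_ip.items() if count > 1),
        key=ipaddress.ip_address,
    )
    return {
        "coverage": len(per_ip) / len(expected),
        # Primary symptom: an asset on every address usually means the firewall
        # (proxy or NAT) is answering instead of the hosts behind it.
        "firewall_suspect": all_answer,
        # Supporting symptom: the same address under more than one asset record.
        "duplicate_ips": duplicates,
    }


if __name__ == "__main__":
    for label, rows in (("healthy", HEALTHY), ("suspect", SUSPECT)):
        print(label, check_discovery("192.0.2.0/28", rows))
```

A small range that really is fully populated will also trip the primary check, so confirm against a range known to contain unused addresses.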
Agreed... scanning through firewalls will work--but--there are circumstances where it's a bad idea.
I've scanned successfully for years without issue--until a service running as part of an application misbehaved when it received a UDP packet.
So yes, the service was buggy, but it caused a continuous traffic loop with one of my scan appliances on the other side of a firewall, which in turn caused a state table to fill up in the firewall, which exhausted firewall resources and began causing some issues with other apps.
I'm looking to get a new appliance for the other side of the firewall to avoid this... at least where there are a lot of hosts on "the other side".