Hello, we have detected on several GWs with sweep and host port scan configured, that, when policies are pushed, scans with source IP the external IP of the GW are detected. This should not be possible, it is configured that only external connections should trigger this protections. We have seen this behaviour on several GWs of different customers, so, maybe it could be a general issue?. Please, has someone detected a similar behaviour? these scans are only detected at the same time policies are being pushed.
