SEP version 14.0 RU1 MP1
I have configured the SEP firewall rule for one specific client to block port 8570 and 8850 from "Any" host and "Any Application". I have tested the rule and can see almost all source IP coming to the client over 8570,8850 TCP got blocked in the traffic log. However, there is one IP that never got blocked (our in-house vulnerability scanner) and also does not show entry in the Traffic Log like others that I have tested. So I can't even see which rule actually allowed the traffic to come in. I've test on source with Windows and also CentOS both from inside the same subnet and different subnet, everyone of them got blocked but this one. My Block rule is also at the top most so it should be the first to process. I've ran out of ideas.