I recently updated to GSM21.04.1 (OVA based) from the previous version GSM6.0.10 (ISO version) on VMWare ESXi. Now I have a strange behavior.
I use one scanner to hop around in several security zones. It is just a temporary solution until we switch over to GMSP by begin of next year.
In internal zones it works properly and scans everything. In DMZ based zones, it doesn’t find any hosts and doesn’t provide any results. With the previous version 6.0.10 (ISO based) it worked without an issue.
When I use the support command line I can ping hosts, so the connectivity to the zone and the hosts contained in that zone is available.
One thing I have seen is, that with an internal scan it quickly provides the hosts found. But with the DMZ the scan without results takes about 2 hours for scanning 250 IP addresses.
Is this a known bug and an upgrade to a more recent version will fix it?
Is there a possibility to have a look into the scanner logs to find out a little bit more about what the error is?
This is likely related, but I cannot pinpoint the exact root cause right now.
Since the new alive detection method is sending requests faster, could it be that the firewalls of the DMZ, or any other intrusion detection systems, are blocking or slowing down requests from the GSM?
Also, if you were using a custom scan config, did you adjust any settings of the VT Ping Host in the VT family Port scanners? These settings may no longer work as expected in 21.04. If so, please try again with default settings.
Last but not least, have you tried different Alive Test settings for the target?