We recently had all 28 of our networks scanned for vulnerabilities as part of our annual PCI audit. We have the same model MX and the same firewall rules in place on all 28 networks. The findings were interesting. Almost exactly half of the networks failed the scan due to vulnerabilities for TCP traffic on port 80.
If my firewall rules are all the same, and the devices on the network are 95% the same, why would half of the networks fail the scans and the other half pass?
Why doesn't IDS or IPS see the port scanning and block it?
I'm sure there are a million variables that could cause the pass/fail variances between theoretically identical network configs; despite that, any ideas would be helpful.