Norton AntiVirus 11.1.1f2 running on a G5 Dual 2 GHz, 2.5 Gb RAM running OS X Server 10.5.8. The G5 Server is an Open Directory master also hosting mail service, web and DNS and has a static IP address 70.x.x.a. It is on a 100Base-T Ethernet network, as is our company's cablemodem which has a static IP 70.x.x.b, and a hardware firewall with static IP 70.x.x.c. The hardware firewall is configured to provide NAT services to our network behind an outgoing (public) static IP 70.x.x.d. The rest of our network uses an intranet DHCP system also handled by our firewall which provides dynamic IP addresses in the form 10.x.x.x.

Every few days for the past couple of weeks we notice we can no longer access our email from the office intranet and that our web-browsing has slowed to a crawl. When I check the G5 Server, Norton Vulnerability Protection has notified that a Portscan occurred from 70.x.x.d, which is our outgoing (public) static IP address assigned by the NAT service handled by our hardware firewall. NAV's Portscan notification apparently denies access to our server's mail service and also to its DNS service, which I guess is why our web-browsing slows.

I can remedy the situation by temporarily turning off notifications about Portscans in NAV, and then turning them back on after a pause of 15 minutes or so. Everything is fine for the next few days, when the problem repeats itself.

Two questions: 1. Does NAV have a "whitelist" for its Vulnerability Protection, where I can enter 70.x.x.d as "friendly"? (We do NOT own NAV Firewall or any other Symantec product); 2. Can I infer from this that something within our own network is triggering the portscans? Because of NAT our network users are all identified to the outside world as 70.x.x.d, and that's the very IP address which triggers the Portscan notification on our G5 server.

Thanks for any advice!