How to disable TCP Wrapping/Default Open Ports on certain firewalls that causes asset misdetection in Delve.
Certain Firewalls either do TCP Wrapping or simulate responses on some specific ports, causing Delve do detect potential responding hosts when auto-discovering across network zones.
Typical ports affected are Port 2000, Port 5060, Port 5061, but there might be other ports affected as well.
This issue is especially present with Fortinet Firewalls default configuration, here is the documentation on how to address this issue:
Cisco Firewalls (ASA/ADSM):
This issue can be present with certain Cisco Firewalls especially the ASA module (or ADSM) that has a few threat protections that can be enabled.
It is be possible to reduce the impact of the misdetection of hosts by whitelisting our IP range in the ASA appliance threat-detection module with a similar command as this one:
threat-detection scanning-threat shun except ip-address 126.96.36.199/26