Attack prevention Port scan

Hello,
why then I enable “port scan” attack prevention, I can’t access via https remote access and not working port forward. ( Web remote access and port forward has “source ip address”. ).
So I understood, that must be blocket all ip addresses if they scanning my wan ports, but not blocket my https remote access and port forward… So are blocket only “hackers” ip addresses or are blocket all ip addresses ?
Teltonika RUT241, latest firmware.

Greetings @vaidas,

Thank you for your inquiry.

From the description, it sounds like the issue you’re facing is similar to a known case discussed in the topic here:

The current solution is also provided in the comment here: Https from wan side on 7.12 now taking minutes - #8 by alienheartbeat at the end of that thread.

In short, when accessing the WebUI remotely, the browser typically initiates multiple requests (around seven) during page load. This burst of activity can trigger the Port Scan Attack Prevention, which mistakenly identifies it as suspicious behavior and begins dropping packets, affecting both remote HTTPS access and port forwarding.

This issue didn’t appear in older firmware versions (<7.11.3) because the attack prevention feature, under certain conditions, wasn’t properly applying firewall rules. This was corrected from the 7.12 FW release and above, which is why the protection is now functioning more strictly.

Our R&D team is aware of this and, to improve usability while maintaining security, the default port scan detection thresholds will be increased in the upcoming firmware version 7.14.

Let me know if you have any additional questions.

Thank you for your understanding.

Best regards,

Hi,
increased threshold ( 20 scan count per 30 sec ) and the same result: blocket https remote access even if my address is in source access list. Why router blocking remote access address ??? I understoot, it must block not all addresses, but only addresses with multiple connections to router…