Re: Start employing people who actually know what they're talking about
There's no PCI-DSS requirement to whitelist all ASV scanner traffic on your external firewalls. The only thing you need to whitelist is active/dynamic rules that change on the fly in response to behaviour (e.g. blocking an IP because a scan has been detected). External ASV scans just require the same access that an internet-based attacker would have - nothing more. In this case (based on the information provided), if no inbound traffic is permitted, there would be no reason to whitelist inbound traffic for the external scan.