Periodically we perform network discovery scans to see what is on our network. When we scan a subnet that is not in use (no VLAN or VLAN interface exists), we get results back saying that there was a device found and that it is our firewall.
Obviously this is because our scanning workstation hit our core, which could not find a matching route for the subnet in question and forwarded our scan out the default route to our firewall.
How can I prevent this from occurring? If we don't have a VLAN or VLAN interface created for a particular subnet, how can we drop all requests to that subnet without the request going up to the firewall (via the default route)?
Thanks in advance
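
The routing behaviour described in the question can be reproduced offline to triage scan results. The following is an added example, not part of the original post: it does a longest-prefix match against a routing table and flags scan hits whose only matching route is the default route. The routing table, next-hop labels and scan addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample: routing table of the core switch (assumed values).
ROUTES = [
    ("10.10.1.0/24", "connected Vlan10"),
    ("10.10.2.0/24", "connected Vlan20"),
    ("0.0.0.0/0", "via 10.10.255.1 (firewall)"),
]

def best_route(dst, routes=ROUTES):
    """Longest-prefix match: return (network, next_hop), or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, hop))
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def classify(dst, routes=ROUTES):
    """Label a scanned address by how the core would forward the probe."""
    route = best_route(dst, routes)
    if route is None:
        return "no-route"        # core has nowhere to send it and drops it
    if route[0].prefixlen == 0:
        return "default-route"   # only 0.0.0.0/0 matched: probe goes to the firewall
    return "local"               # a specific connected/static route exists

def triage(scan_hits, routes=ROUTES):
    """Group scan hits by classification so artifacts can be separated out."""
    groups = {"local": [], "default-route": [], "no-route": []}
    for ip in scan_hits:
        groups[classify(ip, routes)].append(ip)
    return groups

# Constructed sample: addresses the discovery scan reported as responding.
SCAN_HITS = ["10.10.1.15", "10.10.2.40", "10.10.77.1", "10.10.77.200"]

if __name__ == "__main__":
    for label, ips in triage(SCAN_HITS).items():
        print(f"{label:14} {', '.join(ips) or '-'}")
```

Hits in the `default-route` group are the ones that left the core toward the firewall rather than reaching a host on a local VLAN.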