DAST Scanning

Receiving a 403 Forbidden For All Requests

Some firewalls have a default configuration which will block DAST scans. The ZAP scanner sends an identification header on each request, X-Scanner: ZAP, which may be an indicator to your WAF to block the request. A false positive issue may then be created in SOOS.

This can be verified by running the curl command associated with the SOOS issue, first as written, and then a second time without the X-Scanner header, to see if it makes a difference in the response. It may be necessary to create a specific exception in your firewall to allow the DAST scan to run.
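The with/without comparison described above can be scripted. This is an added example, not SOOS or ZAP code; it generalizes the check to any URL you pass in, and the function names and verdict labels are hypothetical. It sends one plain GET per probe, so for an exact reproduction use the curl command from the SOOS issue itself.

```shell
#!/bin/sh
# Added example: compare a target's response with and without the scanner header.
# Header as named in the text above; the URL argument is your own scan target.
SCANNER_HEADER='X-Scanner: ZAP'

# Print the HTTP status code for a GET of $1, optionally sending header $2.
# curl prints 000 when no HTTP response was received.
probe_status() {
    if [ -n "${2:-}" ]; then
        curl -s -o /dev/null --max-time 15 -w '%{http_code}' -H "$2" "$1"
    else
        curl -s -o /dev/null --max-time 15 -w '%{http_code}' "$1"
    fi
}

# Interpret the two status codes: $1 = with header, $2 = without header.
classify() {
    with=$1; without=$2
    if [ "$with" = 000 ] || [ "$without" = 000 ]; then
        echo "inconclusive: no HTTP response (with=$with without=$without)"
    elif [ "$with" = 403 ] && [ "$without" != 403 ]; then
        echo "header-blocked: 403 only with the scanner header; a firewall exception is needed"
    elif [ "$with" = 403 ] && [ "$without" = 403 ]; then
        echo "blocked-regardless: 403 is returned even without the scanner header"
    else
        echo "not-blocked: request with the scanner header was not rejected (with=$with without=$without)"
    fi
}

# Probe the URL both ways and print the verdict.
check_target() {
    classify "$(probe_status "$1" "$SCANNER_HEADER")" "$(probe_status "$1")"
}

# Run only when a URL is supplied on the command line.
if [ $# -ge 1 ]; then check_target "$1"; fi
```

A "header-blocked" verdict matches the false positive described above; "blocked-regardless" means the 403 has some other cause and the header exception alone will not change it.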