In this case the workstations were Linux machines and the firewall had Static NAT configured. Each workstation had its own NAT address configured in the firewall. However, ZAM uses a proprietary protocol along with TCP/IP that holds the workstation information which includes the IPAddress that the workstation has configured. Since TCP holds the NAT address and the proprietary protocol holds the internal address, when the ZAM server receives that information, the TCP and proprietary protocol addresses don't match. So the server states the workstation is Invalid and will not scan it.