port scan to juniper fw

Dear list,
I am performing a port scan to an IP address of juniper SSG firewall (6.2.r3).
When the port scan finishes the results show me a lot of open ports
although they are not open.
Further the results differ and the same scan shows different open
ports next time.
The tcpdump during the port scan shows me that the fw is answering
with a syn-ack after the third syn.
Why is this happening ? I would expect no answer or a rst packet.

I would be very happy if somebody could explain me this strange
behaviour and let me know how I can fix it.
Maybe there is an option on the fw to switch this off.

This is the nmap scan command:

nmap -sS -P0 <fw-untrust-ip>

Many Thanks

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.