https://community.cisco.com/t5/network-security/vulnerable-ports/m-p/4262182#M1076834 <P>By default you want to block EVERYTHING inbound other than what you have explicitly allowed. An ASA will do this automatically if you have setup security levels properly (e.g. inside = 100, outside =0). On FTD it is done with a default "BLOCK" rule in the access control policy.</P> Tue, 22 Dec 2020 03:49:35 GMT Marvin Rhoads 2020-12-22T03:49:35Z https://community.cisco.com/t5/network-security/vulnerable-ports/m-p/4261931#M1076818 <P>Hi,</P><P>&nbsp;</P><P>can anyone please provide a cisco document with the list of vulnerable ports to be blocked in cisco firewall?</P><P>&nbsp;</P><P>Thanks,</P> Mon, 21 Dec 2020 17:45:23 GMT https://community.cisco.com/t5/network-security/vulnerable-ports/m-p/4261931#M1076818 dijeshkeloth 2020-12-21T17:45:23Z https://community.cisco.com/t5/network-security/vulnerable-ports/m-p/4261996#M1076821 <P>there is no rule you should open or close it all depends on business requirement, personally by default you should block all ports only open required ports in commonly used for Local LAN to external.</P> <P>&nbsp;</P> <P>NGFW can take feed from a different vendors and make use of it for other Nexge generation features.</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 21 Dec 2020 19:44:00 GMT https://community.cisco.com/t5/network-security/vulnerable-ports/m-p/4261996#M1076821 balaji.bandi 2020-12-21T19:44:00Z https://community.cisco.com/t5/network-security/vulnerable-ports/m-p/4262182#M1076834 <P>By default you want to block EVERYTHING inbound other than what you have explicitly allowed. An ASA will do this automatically if you have setup security levels properly (e.g. inside = 100, outside =0). On FTD it is done with a default "BLOCK" rule in the access control policy.</P> Tue, 22 Dec 2020 03:49:35 GMT https://community.cisco.com/t5/network-security/vulnerable-ports/m-p/4262182#M1076834 Marvin Rhoads 2020-12-22T03:49:35Z