topic FTD Management interface responds to HTTPS over 443? in Network Security

FTD Management interface responds to HTTPS over 443?

Ralphy006 — Fri, 11 Mar 2022 23:25:57 GMT

The management interface of my FPR1010 running 7.0.1.1 managed via FMC responds to HTTPS (tcp 443). Any reason for this?

I've tried to change platform settings, but platform settings do not apply to the management interface.

There are 2 problems:

It responds to tcp 443 with tlsv1.2 AND 1.1 (1.1 is getting flagged by scans)
why would it even respond on this? I would like to turn it off if it isn't necessary

Thanks in advance!

Re: FTD Management interface responds to HTTPS over 443?

Udupi Krishna. — Sat, 12 Mar 2022 08:19:07 GMT

Known bug - CSCvn94888

The documented workaround within the bug is gonna impact the firewall/production. You will need to work with TAC for other workarounds that doesn't involve loosing configuration.

Re: FTD Management interface responds to HTTPS over 443?

Ralphy006 — Sat, 12 Mar 2022 15:48:27 GMT

Wow thank you. My TAC engineer is taking forever to come to this conclusion! (I know they are short staffed). What does the workaround look like from TAC?

It looks like the issue was resolved in 6.7.... but it must not have been fixed in 7.0.1....

Re: FTD Management interface responds to HTTPS over 443?

Udupi Krishna. — Sun, 13 Mar 2022 02:13:53 GMT

If you take a closer look at the bug here's what it says - This defect fix is not retroactive, meaning that upgrading an already registered FTD device to a fix version will not close the port, and either one of the workaround options would need to be completed, or the device reimaged directly to a fix version for this defect to close the 443 port as expected.

The workaround from TAC involves modifying few linux level parameters to stop FTD from listening on port 443. It's better to work with your TAC engineer to apply it.