https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4946735#M1105336 <P>Dear Expert</P><P>i have cisco FTD 2120, and on my firewall Tenable scan found "Firewall UDP Packet Source Port 53 Ruleset Bypass"</P><P>But when i check on connection event from outside to inside, and inside to outside, UDP Port 53 and 1025 already blocked,</P><P>but on tenable scan still found ICMP request still given to unknown internet IP, can you please advice me, what is policy i need to set for this vulnerabilities</P><P>&nbsp;</P><P>Regards&nbsp;</P><P>Yusran</P> Tue, 24 Oct 2023 09:18:17 GMT Lemineral 2023-10-24T09:18:17Z https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4946735#M1105336 <P>Dear Expert</P><P>i have cisco FTD 2120, and on my firewall Tenable scan found "Firewall UDP Packet Source Port 53 Ruleset Bypass"</P><P>But when i check on connection event from outside to inside, and inside to outside, UDP Port 53 and 1025 already blocked,</P><P>but on tenable scan still found ICMP request still given to unknown internet IP, can you please advice me, what is policy i need to set for this vulnerabilities</P><P>&nbsp;</P><P>Regards&nbsp;</P><P>Yusran</P> Tue, 24 Oct 2023 09:18:17 GMT https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4946735#M1105336 Lemineral 2023-10-24T09:18:17Z https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4946913#M1105337 <P>Is your ACP rule using application (DNS) or port+protocol (udp/53)?</P> <P>If it is using DNS application, several packets will be allowed through to allow the firewall to determine the actual application in use. that can sometimes result in false positives from scanning engines like Tenable Nessus.</P> Tue, 24 Oct 2023 13:53:52 GMT https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4946913#M1105337 Marvin Rhoads 2023-10-24T13:53:52Z https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4948130#M1105367 <P>Hello Marvin</P><P>Many thanks for your replay, on my ACP im not using DNS or Port (UDP/53) as specified,&nbsp;</P><P>can you help me, how to make ICMP request block from unknown ip internet on my cisco firewall</P> Thu, 26 Oct 2023 01:36:12 GMT https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4948130#M1105367 Lemineral 2023-10-26T01:36:12Z https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4949003#M1105379 <P>To block ICMP use a platform policy setting in FMC. Platform Policy &gt; ICMP Access &gt; Add block for new port object ICMP-Any on your outside interface. Save and deploy.</P> <P>For FDM-managed devices, use a flexconfig object.</P> <P>Reference:<A href="https://community.cisco.com/t5/network-security/block-icmp-to-ftd-device-interface-ip-in-fdm/td-p/4152340" target="_blank">https://community.cisco.com/t5/network-security/block-icmp-to-ftd-device-interface-ip-in-fdm/td-p/4152340</A></P> Thu, 26 Oct 2023 15:21:05 GMT https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4949003#M1105379 Marvin Rhoads 2023-10-26T15:21:05Z https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4949334#M1105391 <P>Dear Marvin</P><P>thanks for your help, i got it</P> Fri, 27 Oct 2023 01:32:26 GMT https://community.cisco.com/t5/network-security/high-vulnerabilities-udp-53/m-p/4949334#M1105391 Lemineral 2023-10-27T01:32:26Z