I have the below ACL on our CSS.
A recent port scan from a vulnerability test showed the port for the app session was open.
Even though the ACL is showing clause 55 at the bottom of the list, it still should be in sequence, correct?
Also, is the app session traffic UDP or TCP?
Remote side app session source is 6.2.1.131
circuit VLAN1
ip address 2.1.1.75 255.255.255.0
acl 10
clause 10 deny any any destination 224.0.0.0 255.255.255.0
clause 22 deny any any destination 192.168.0.0 255.255.0.0
clause 30 deny any any destination 172.16.0.0 255.255.0.0
clause 40 deny any any destination 127.0.0.0 255.0.0.0
clause 50 deny any any destination 10.0.0.0 255.0.0.0
clause 60 permit any 2.1.1.66 destination 2.1.1.75 255.255.255.255 eq 22
clause 100 deny any any destination 2.1.1.75 255.255.255.255 eq 21
clause 110 deny any any destination 2.1.1.75 255.255.255.255 eq 22
clause 120 deny any any destination 2.1.1.75 255.255.255.255 eq 23
clause 130 deny any any destination 2.1.1.75 255.255.255.255 eq 80
clause 254 permit any any destination any
clause 55 permit any 6.2.1.131 destination 2.1.1.75 255.255.255.255 eq 5001
apply circuit-(VLAN1)
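
Added example, not part of the original post: a small Python model of the ACL above, assuming clauses are evaluated in ascending clause-number order with the first match deciding (an assumption about the CSS, not something the post states). The names `parse_clause` and `evaluate` and the scanner address 198.51.100.7 are constructed for illustration; the clause text is copied from the post.

```python
import ipaddress

# Clauses copied from the post, in the order the post lists them.
ACL_TEXT = """\
clause 10 deny any any destination 224.0.0.0 255.255.255.0
clause 22 deny any any destination 192.168.0.0 255.255.0.0
clause 30 deny any any destination 172.16.0.0 255.255.0.0
clause 40 deny any any destination 127.0.0.0 255.0.0.0
clause 50 deny any any destination 10.0.0.0 255.0.0.0
clause 60 permit any 2.1.1.66 destination 2.1.1.75 255.255.255.255 eq 22
clause 100 deny any any destination 2.1.1.75 255.255.255.255 eq 21
clause 110 deny any any destination 2.1.1.75 255.255.255.255 eq 22
clause 120 deny any any destination 2.1.1.75 255.255.255.255 eq 23
clause 130 deny any any destination 2.1.1.75 255.255.255.255 eq 80
clause 254 permit any any destination any
clause 55 permit any 6.2.1.131 destination 2.1.1.75 255.255.255.255 eq 5001
"""

def parse_clause(line):
    """Parse the clause shape used in the post (source is 'any' or one host)."""
    t = line.split()
    num, action, src = int(t[1]), t[2], t[4]   # t[3] is the protocol, 'any' here
    rest = t[t.index("destination") + 1:]
    port = int(rest[rest.index("eq") + 1]) if "eq" in rest else None
    dst = "0.0.0.0/0" if rest[0] == "any" else f"{rest[0]}/{rest[1]}"
    return {"num": num, "action": action, "src": src,
            "dst": ipaddress.ip_network(dst), "port": port}

# Assumption: evaluation follows clause number, not position in the listing.
CLAUSES = sorted(map(parse_clause, ACL_TEXT.splitlines()), key=lambda c: c["num"])

def evaluate(src, dst, port):
    """Return (clause number, action) of the first clause that matches."""
    dst_ip = ipaddress.ip_address(dst)
    for c in CLAUSES:
        if c["src"] not in ("any", src):
            continue
        if dst_ip not in c["dst"]:
            continue
        if c["port"] is not None and c["port"] != port:
            continue
        return c["num"], c["action"]
    return None, "deny"  # assumed default; never reached while clause 254 exists

if __name__ == "__main__":
    for src in ("6.2.1.131", "198.51.100.7"):  # second address is constructed
        print(src, "-> 2.1.1.75:5001", evaluate(src, "2.1.1.75", 5001))
```

Under that ordering assumption, the model shows a port 5001 connection from any source other than 6.2.1.131 falling through to clause 254, which permits it.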