01-11-2024 05:47 PM
We are currently deploying a new UCS X-Series Domain in IMM mode, but before providing internet access for Intersight connectivity, the cybersecurity team is running a vulnerability test against the management IP of the Fabric Interconnects.
Looking for some help with these questions:
- Changing SSH default port
- Disable SNMP ports that currently show as enabled
- Disable TCP/8080 port
I didn't find any specific guide for making changes like this to the Fabric Interconnects in IMM mode.
01-11-2024 08:10 PM
- Changing SSH default port - Intersight SSH Policy is applicable only for UCS Servers (Standalone). No option at present in policies for Fabric Interconnects. Kindly submit feedback in Intersight to request this feature.
- Disable SNMP ports that currently show as enabled - Apply Domain Profile with SNMP policy to disable SNMP.
- Disable TCP/8080 port - My understanding is, this should be disabled. Kindly open a TAC case to investigate this further.
01-12-2024 06:56 AM
Thanks @Sandeep Kumar, the basic nmap test shows: 22/tcp, 161/tcp, 161/udp, 443/tcp and 9876/tcp open and 8080/tcp filtered.
Is it possible to disable the SNMP port from the Fabric Interconnect CLI or Device Connector? The customer is asking to close those ports before providing internet access, so the Fabrics are not claimed yet from Intersight.
01-12-2024 11:50 AM
Kindly check with TAC to see if they can help you add iptables rules to block SNMP traffic on the FIs till a Domain profile is applied.