Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
527
Views
0
Helpful
0
Replies

Nmap Finds 100's of 'Open' Ports on 5525-X w/ FTD 6.1.0

Justin Kurynny
Level 4
Level 4

‎12-15-2016 02:29 PM - edited ‎03-12-2019 01:40 AM

We recently installed a pair of 5525-X ASAs in HA running FTD 6.1.0 code. A 3rd party security scan reveals that ports on NATted IPs are "open," however an internal real IP scan of those same hosts shows that the discovered open ports are not open.

We conducted our own external Nmap scan of the NATted IPs and then of the ASA's outside interface itself. What we found was that for any of those IPs, Nmap reported hundreds of open ports. A more comprehensive scan with Nmap reports them as tcp wrapped.

My question is, how does FTD normally respond to scanners? Do we have a real security problem here due to a bug, or is this expected behavior?

-Justin

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card