
3 UDP Source Port Pass Firewall

gurpreet.singh
Level 1

I have 3 Zerto servers: Z-VRA-INDMZEXZI01, Z-VRA-INDMZEXZI02 and ZERTOPL01. During a scan, vulnerabilities were detected. After scanning, I am getting the below-mentioned vulnerabilities.

3 UDP Source Port Pass Firewall

SOLUTION:
Make sure that all your filtering rules are correct and strict enough. If they are not, change the firewall rules to filter these requests with a particular source port.

RESULTS:
The following UDP port(s) responded with either an ICMP (port closed) or a UDP (port open) to our probes using a source port of 53, but they did not respond when a random source port (55812) was used:
111 (closed), 40421 (closed), 1701 (closed), 5632 (closed), 517 (closed), 518 (closed), 137 (closed), 1027 (closed), 135 (closed), 3527 (closed), 13 (closed), 53 (closed), 1812 (closed), 7 (closed), 1434 (closed).

How would I accomplish this? 

3 Replies

Are you sure that you do not have a rule that is allowing traffic with a source of UDP/53 on the ingress interface that is in question?

--
Please remember to select a correct answer and rate helpful posts

For the above-mentioned servers there is a rule in the DMZ firewall which is permitting all traffic.

There is not any specific rule which is blocking source of UDP/53.

Is it the right way? If I block UDP/53, then will it resolve my issue of (3 UDP Source Port Pass Firewall)?

Ciscogeek299
Level 1

You will need to have an ACL pointed in the inbound direction, with traffic coming from source ANY, source port 53, and deny, and then permit anything. Apply it on the interface that came out on your report. This will fix your issue.
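The scanner finding discussed in this thread, reproduced against a simplified stateless first-match filter, as an added example that is not from the original posts. The rule sets, the IP addresses (documentation ranges), the ephemeral port range and the function names are constructed assumptions; the source ports and the scanned port list are the ones quoted in the question.

```python
from ipaddress import ip_address, ip_network

# Ports named in the scanner result quoted in the question.
SCANNED_PORTS = [111, 40421, 1701, 5632, 517, 518, 137, 1027, 135,
                 3527, 13, 53, 1812, 7, 1434]

# Constructed rule sets (assumptions, not the poster's configuration).
# Fields: action, source network, source port (None = any), dest port range.
WEAK = [
    ("permit", "0.0.0.0/0", 53, (0, 65535)),   # "let DNS replies in" shortcut
    ("deny",   "0.0.0.0/0", None, (0, 65535)),
]
HARDENED = [
    # Replies only from the known resolver, only to ephemeral client ports.
    ("permit", "192.0.2.53/32", 53, (49152, 65535)),
    ("deny",   "0.0.0.0/0", None, (0, 65535)),
]

def evaluate(rules, src_ip, src_port, dst_port):
    """First-match evaluation of one inbound UDP packet; default deny."""
    for action, net, sport, (lo, hi) in rules:
        if (ip_address(src_ip) in ip_network(net)
                and sport in (None, src_port)
                and lo <= dst_port <= hi):
            return action
    return "deny"

def source_port_bypass(rules, scanner_ip="198.51.100.7", random_port=55812):
    """Ports that pass with source port 53 but are dropped with a random one,
    which is the condition the scanner reports."""
    return [p for p in SCANNED_PORTS
            if evaluate(rules, scanner_ip, 53, p) == "permit"
            and evaluate(rules, scanner_ip, random_port, p) == "deny"]

if __name__ == "__main__":
    print("weak rule set, exposed ports:    ", source_port_bypass(WEAK))
    print("hardened rule set, exposed ports:", source_port_bypass(HARDENED))
```

On a stateless filter, a blanket deny on source port 53 also drops replies from the servers' own DNS resolvers, which is why the hardened set keeps a narrow permit for the resolver address; a firewall that tracks UDP state can drop unsolicited source-port-53 traffic without that static permit.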
