228 Views · 2 Helpful · 1 Replies

block tcp ports 21/5060/2000 FMC

haroungh
Level 1

Hi Dears,

I've encountered an issue with FTD managed via Firepower Management Center (FMC), running the recommended version 7.4.2.

Issue Details:

  • After performing an Nmap scan on the outside interface, we discovered that TCP ports 21, 2000, and 5060 are showing as open.
  • This behavior persists even though:
    • There are no specific ACLs or NAT rules configured to allow these ports.
    • We have explicitly created rules to deny these ports, but they still appear open in the scan.

Additional Observations:

  • This issue is only present on FTD managed via FMC.
  • On FTD devices managed via FDM (Firepower Device Manager), the same Nmap scan shows these ports as closed as expected.
1 Reply

Marvin Rhoads
Hall of Fame

This can be caused by the device's default ALG inspections for ftp, sccp and sip (which use the three respective ports you noted).

It is not actually open ports that potentially allow traffic through the device but rather the inspection process completing the handshake in order to further inspect payload (which in this case doesn't exist).
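As an added example (not from the thread and not Cisco's code), a Python script that reads nmap grepable (-oG) output from a scan of the outside interface and flags TCP 21, 2000 and 5060 as likely artifacts of the default ftp, skinny (SCCP) and sip inspections rather than listening services; the address 203.0.113.10 and the scan output are constructed.

```python
"""Flag nmap "open" ports that match the FTD/ASA default ALG inspections.

The reply above explains that ftp (tcp/21), skinny/SCCP (tcp/2000) and
sip (tcp/5060) inspection complete the TCP handshake themselves, so a
scanner reports them open even with no listener behind the firewall.
"""
import re

# The three default inspections named in the reply and the TCP ports they own.
DEFAULT_ALG_PORTS = {21: "ftp", 2000: "skinny (sccp)", 5060: "sip"}

# Constructed sample of nmap -oG output; 203.0.113.10 is a documentation address.
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated as: nmap -p 1-65535 -oG - 203.0.113.10
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 21/open/tcp//ftp///, 443/open/tcp//https///, 2000/open/tcp//cisco-sccp///, 5060/open/tcp//sip///\tIgnored State: filtered (65531)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# -oG port fields: port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")


def parse_open_ports(grepable):
    """Return (port, protocol, service) for every port nmap reports as open."""
    found = []
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        for port, state, proto, service in PORT_RE.findall(line):
            if state == "open":
                found.append((int(port), proto, service))
    return found


def classify(open_ports):
    """Split open ports into likely ALG artifacts and ports that need review."""
    alg, review = [], []
    for port, proto, service in open_ports:
        if proto == "tcp" and port in DEFAULT_ALG_PORTS:
            alg.append((port, DEFAULT_ALG_PORTS[port]))
        else:
            review.append((port, proto, service))
    return alg, review


if __name__ == "__main__":
    alg, review = classify(parse_open_ports(SAMPLE_GREPABLE))
    for port, inspection in alg:
        print(f"tcp/{port}: likely default {inspection} inspection, not a listener")
    for port, proto, service in review:
        print(f"{proto}/{port} ({service}): real exposure, review ACL/NAT")
```

Ports in the "review" list are the ones that actually need an ACL or NAT explanation; for the flagged ones, confirm on the FTD CLI with `show service-policy` that the ftp, skinny and sip inspections are indeed in the global policy.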
