cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
660
Views
1
Helpful
4
Replies

High Vulnerabilities UDP 53

Lemineral
Spotlight
Spotlight

Dear Expert

i have cisco FTD 2120, and on my firewall Tenable scan found "Firewall UDP Packet Source Port 53 Ruleset Bypass"

But when i check on connection event from outside to inside, and inside to outside, UDP Port 53 and 1025 already blocked,

but on tenable scan still found ICMP request still given to unknown internet IP, can you please advice me, what is policy i need to set for this vulnerabilities

 

Regards 

Yusran

1 Accepted Solution

Accepted Solutions

To block ICMP use a platform policy setting in FMC. Platform Policy > ICMP Access > Add block for new port object ICMP-Any on your outside interface. Save and deploy.

For FDM-managed devices, use a flexconfig object.

Reference:https://community.cisco.com/t5/network-security/block-icmp-to-ftd-device-interface-ip-in-fdm/td-p/4152340

View solution in original post

4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

Is your ACP rule using application (DNS) or port+protocol (udp/53)?

If it is using DNS application, several packets will be allowed through to allow the firewall to determine the actual application in use. that can sometimes result in false positives from scanning engines like Tenable Nessus.

Lemineral
Spotlight
Spotlight

Hello Marvin

Many thanks for your replay, on my ACP im not using DNS or Port (UDP/53) as specified, 

can you help me, how to make ICMP request block from unknown ip internet on my cisco firewall

To block ICMP use a platform policy setting in FMC. Platform Policy > ICMP Access > Add block for new port object ICMP-Any on your outside interface. Save and deploy.

For FDM-managed devices, use a flexconfig object.

Reference:https://community.cisco.com/t5/network-security/block-icmp-to-ftd-device-interface-ip-in-fdm/td-p/4152340

Dear Marvin

thanks for your help, i got it

Review Cisco Networking for a $25 gift card