How to find port information of applications

Hi all,

We want to allow VNC on its standard ports. I tried with the VNC app under application detectors and can see the internal detector for the VNC application is enabled, but it looks like we cannot see the information of an internal detector. Is there any place on the FireSIGHT Manager where we can see the information for the ports used by applications, or is googling for VNC ports the only way, and then using that port information in the firewall rule?

Appreciate your help.

Vaibhav

5 Replies

mikael.lahtela, Level 4
Hi,

You can see the destination port in the event viewer, or you can see the server port under the host profile if the remote client is in your network.
Hope that helps you a bit.

br, Micke

Hi Mike,

Thanks for your response. So, in short, we first need to monitor the entire traffic in the network to understand and know the ports used by the applications, and then start building policies and locking down applications on standard ports. Am I right?

Vaibhav

Yes, that is one way to do it if you don't have a firewall corporate policy in place.
Or you can open the basics, http, https, dns and block everything else and then start to open what is needed.
Don't know what firewall you are using, but in both ASA and FTD there is a way to see the rule hit counters if you already have a firewall in place.
Then you could zero the hit counts and let it run for a while and see what rules are mostly used and build your base policy from there.

br, Micke

I am using FTD 6.2.

Vaibhav

Hi,

In FTD you can use show access-list to see rule hits and clear access-list to clear the hit counts.
There is a way to create hit count report in FMC:
https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/211515-Configure-Firesight-Management-Center-to.html

br Micke
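As an added example, not code from this thread or from Cisco: a small Python parser over constructed `show access-list` output that sums hit counts per FMC rule-id (one multi-port rule expands into several ACEs), ranks the rules by hits, and lists the ones with no hits since the counters were cleared. The sample lines and the exact layout of the `rule-id` and `hitcnt` fields are assumptions for illustration; check them against your own device output.

```python
import re
from collections import defaultdict

# Constructed sample of FTD "show access-list" output (not captured from a real device).
# One FMC rule that lists several ports expands into several ACEs sharing one rule-id.
SAMPLE_ACL = """\
access-list CSM_FW_ACL_ line 1 remark rule-id 268434433: ACCESS POLICY: Base - Mandatory
access-list CSM_FW_ACL_ line 2 advanced permit tcp any any eq 5900 rule-id 268434433 (hitcnt=17) 0x1a2b3c4d
access-list CSM_FW_ACL_ line 3 advanced permit tcp any any eq www rule-id 268434434 (hitcnt=1203) 0x2b3c4d5e
access-list CSM_FW_ACL_ line 4 advanced permit tcp any any eq https rule-id 268434434 (hitcnt=4410) 0x3c4d5e6f
access-list CSM_FW_ACL_ line 5 advanced permit udp any any eq domain rule-id 268434435 (hitcnt=988) 0x4d5e6f70
access-list CSM_FW_ACL_ line 6 advanced permit tcp any any eq 5901 rule-id 268434436 (hitcnt=0) 0x5e6f7081
access-list CSM_FW_ACL_ line 7 advanced deny ip any any rule-id 268434437 (hitcnt=312) 0x6f708192
"""

# Matches one expanded ACE line; remark lines do not match and are skipped.
ACE_RE = re.compile(
    r"^access-list \S+ line \d+ advanced (?P<action>permit|deny) (?P<proto>\S+) "
    r"(?P<match>.*?) rule-id (?P<rule>\d+) \(hitcnt=(?P<hits>\d+)\)"
)
PORT_RE = re.compile(r"\beq (\S+)")  # destination port/service after "eq", if present

def parse_aces(text):
    """Return one dict per ACE: rule id, action, protocol, port (or None) and hit count."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if not m:
            continue
        port = PORT_RE.search(m.group("match"))
        aces.append({"rule": int(m.group("rule")), "action": m.group("action"),
                     "proto": m.group("proto"), "port": port.group(1) if port else None,
                     "hits": int(m.group("hits"))})
    return aces

def hits_per_rule(aces):
    """Sum hit counts per FMC rule-id, so a multi-port rule is counted once."""
    totals = defaultdict(int)
    for ace in aces:
        totals[ace["rule"]] += ace["hits"]
    return dict(totals)

def ranked_rules(aces):
    """(rule-id, hits) pairs from most to least hit; the top entries seed the base policy."""
    return sorted(hits_per_rule(aces).items(), key=lambda kv: kv[1], reverse=True)

def unused_rules(aces):
    """Rule ids with zero hits since the last 'clear access-list': review before keeping them."""
    return sorted(rule for rule, hits in hits_per_rule(aces).items() if hits == 0)
```

Run it against `show access-list` output saved from the FTD CLI after the counters have been cleared and traffic has flowed for a representative period.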