We recently installed a pair of 5525-X ASAs in HA running FTD 6.1.0 code. A 3rd party security scan reveals that ports on NATted IPs are "open," however an internal real IP scan of those same hosts shows that the discovered open ports are not open.
We conducted our own external Nmap scan of the NATted IPs and then of the ASA's outside interface itself. What we found was that for any of those IPs, Nmap reported hundreds of open ports. A more comprehensive scan with Nmap reports them as tcp wrapped.
My question is, how does FTD normally respond to scanners? Do we have a real security problem here due to a bug, or is this expected behavior?
-Justin