I did a port scan on the ACS Solution Engine and found the following TCP ports are open on the ACS Solution Engine:
Port - Services
49 - TCPwrapped
135 - MSRPC
1503 - TCPwrapped
2000 - Calbook
2001 - DC
2002 - SSL
2003 - cfingerd
3389 - TCPwrapped
I would like to know whether the ports open above are required for the optimum operation of the ACS SE. If not, I plan to close some of the ports, such as 135 and 3389. Please advise the impact if such ports above are closed.
You can block port 3389, which is used by cfingerd, and this will not have any impact on the performance of the device. However, the ports used by TCPwrapped should not be blocked, as they are connection ports used for communication with other hosts.