Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

CSA throws portscan alert

Good morning,

I'm getting an Alert in CSA, generated by Rule 18, stating that "A portscan was detected Reason: ICMP unreachable. ICMP: 10.64.100.101 -> 10.65.110.118 type destination_unreachable/03.

The target address (.118) is a voice gateway on a 6509. I dont see any reason for this to occur. Thoughts?

3 REPLIES
Blue

Re: CSA throws portscan alert

You didn't mention what version of CSA you are running and there are different options for each.

You may want to turn off the ICMP deny logging or add your voice gateway to the authorized port scanners. Portscan logging is a different matter and it depends on which version you have.

New Member

Re: CSA throws portscan alert

Hi, Sorry. It's version 4.5.

Blue

Re: CSA throws portscan alert

OK, then make sure you are using the Internal IP Stack hardening module and add your voice gateway to the Authorized Port Scanners network address set. You also may want to exclude the gateway from the host addresses that are scanned by those rules.

That may do the trick.

Tom

315
Views
4
Helpful
3
Replies
CreatePlease to create content