PCI Compliance Scanner Reports All Ports Open
Created On 09/26/18 13:53 PM - Last Modified 06/14/23 07:12 AM
Issue
- Testing with a PCI compliance scanner produces false positives for vulnerabilities on the firewall.
- When a port scan is run against the device, every scanned port is reported as open.
Resolution
- All ports will report open when a Management profile is enabled and the Zone Protection setting is SYN Flood with its default settings.
- To address this issue, browse to Network > Zone Protection Profile, change Syn Cookie to Random Early Drop, and commit the change.
- After the commit, the scan should no longer report all ports as open.
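To find where this condition applies before the next scan, the check below walks a configuration and lists zones whose Zone Protection profile uses SYN cookies while a member interface carries a management profile. It is an added example, not code from Palo Alto Networks; the XML layout, element names and sample values are simplified assumptions constructed for illustration and must be mapped to the structure of your own exported configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; layout and element names are assumptions, not a real export.
SAMPLE_CONFIG = """
<config>
  <zone-protection-profile>
    <entry name="zp-default"><flood><tcp-syn><enable>yes</enable><syn-cookies/></tcp-syn></flood></entry>
    <entry name="zp-red"><flood><tcp-syn><enable>yes</enable><red/></tcp-syn></flood></entry>
  </zone-protection-profile>
  <interface>
    <entry name="ethernet1/1"><interface-management-profile>mgmt-https</interface-management-profile></entry>
    <entry name="ethernet1/2"/>
    <entry name="ethernet1/3"><interface-management-profile>mgmt-https</interface-management-profile></entry>
  </interface>
  <zone>
    <entry name="untrust"><zone-protection-profile>zp-default</zone-protection-profile><member>ethernet1/1</member></entry>
    <entry name="dmz"><zone-protection-profile>zp-default</zone-protection-profile><member>ethernet1/2</member></entry>
    <entry name="partner"><zone-protection-profile>zp-red</zone-protection-profile><member>ethernet1/3</member></entry>
  </zone>
</config>
"""

def find_affected_zones(config_xml):
    """Return (zone, interface, profile) tuples matching the condition in this article."""
    root = ET.fromstring(config_xml)
    # Profiles with SYN flood protection enabled and the action set to SYN cookies.
    cookie_profiles = set()
    for prof in root.findall("./zone-protection-profile/entry"):
        syn = prof.find("./flood/tcp-syn")
        if syn is None or syn.findtext("enable", "no").strip() != "yes":
            continue
        if syn.find("syn-cookies") is not None:
            cookie_profiles.add(prof.get("name"))
    # Interfaces that have a management profile attached.
    mgmt_ifaces = {i.get("name") for i in root.findall("./interface/entry")
                   if i.findtext("interface-management-profile")}
    findings = []
    for zone in root.findall("./zone/entry"):
        profile = (zone.findtext("zone-protection-profile") or "").strip()
        if profile not in cookie_profiles:
            continue  # Random Early Drop or no profile: not the case described here
        for member in zone.findall("member"):
            name = (member.text or "").strip()
            if name in mgmt_ifaces:
                findings.append((zone.get("name"), name, profile))
    return findings

if __name__ == "__main__":
    for zone, iface, profile in find_affected_zones(SAMPLE_CONFIG):
        print(f"{zone}: {iface} has a management profile and uses {profile} (Syn Cookie)")
```

Zones returned by the check are the ones where a scanner is likely to report every port open until the action is changed to Random Early Drop and committed.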
owner: ppolizzi