https://live.paloaltonetworks.com/t5/general-topics/tcp-source-port-pass-firewall-vulnerability/m-p/478468#M103763 <P>Make sure that all your filtering rules are correct and strict enough. If the<BR />firewall intends to deny TCP connections to a specific port, it should be<BR />configured to block all TCP SYN packets going to this port, regardless of the<BR />source port.</P><P>&nbsp;</P><P>Have you configured the FW to utilize PANW best practices for Zone and Dos Protections?</P><P><A href="https://docs.paloaltonetworks.com/best-practices/10-0/dos-and-zone-protection-best-practices" target="_blank">https://docs.paloaltonetworks.com/best-practices/10-0/dos-and-zone-protection-best-practices</A></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 05 Apr 2022 20:05:15 GMT S.Cantwell 2022-04-05T20:05:15Z https://live.paloaltonetworks.com/t5/general-topics/tcp-source-port-pass-firewall-vulnerability/m-p/477874#M103706 <P>Hi Team,</P><P>&nbsp;</P><P>We are getting below vulnerability in PA NGFW.&nbsp;</P><P>&nbsp;</P><P>Please find the error below,&nbsp;</P><P>&nbsp;</P><TABLE width="1664"><TBODY><TR><TD width="64">IP Status</TD><TD width="64">QID</TD><TD width="64">Title</TD><TD width="64">Type</TD><TD width="64">Severity</TD><TD width="64">Port</TD><TD width="64">Protocol</TD><TD width="64">FQDN</TD><TD width="64">SSL</TD><TD width="64">CVE ID</TD><TD width="64">Vendor Reference</TD><TD width="64">Bugtraq ID</TD><TD width="64">CVSS Base</TD><TD width="64">CVSS Temporal</TD><TD width="64">CVSS3 Base</TD><TD width="64">CVSS3 Temporal</TD><TD width="64">Threat</TD><TD width="64">Impact</TD><TD width="64">Solution</TD><TD width="64">Exploitability</TD><TD width="64">Associated Malware</TD><TD width="64">Results</TD><TD width="64">PCI Vuln</TD><TD width="64">Instance</TD><TD width="64">Category</TD><TD width="64">Result Errors</TD></TR><TR><TD>host scanned, found vuln</TD><TD>34000</TD><TD>TCP Source Port Pass Firewall</TD><TD>Vuln</TD><TD>3</TD><TD>&nbsp;</TD><TD>&nbsp;</TD><TD>&nbsp;</TD><TD>&nbsp;</TD><TD>&nbsp;</TD><TD>&nbsp;</TD><TD>&nbsp;</TD><TD>5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)</TD><TD>3.6 (E:U/RL:W/RC:UC)</TD><TD>Your firewall policy seems to let TCP packets with a specific source port pass through.</TD><TD>Some types of requests can pass through the firewall. The port number listed in the results section of this vulnerability report is the source port that unauthorized users can use to bypass your firewall.</TD><TD>Make sure that all your filtering rules are correct and strict enough. If the firewall intends to deny TCP connections to a specific port, it should be configured to block all TCP SYN packets going to this port, regardless of the source port.</TD><TD>The host responded 4 times to 4 TCP SYN probes sent to destination port 25 using source port 25. However, it did not respond at all to 4 TCP SYN probes sent to the same destination port using a random source port.</TD><TD>yes</TD><TD>&nbsp;</TD><TD>Firewall</TD><TD><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P></TD></TR></TBODY></TABLE> Mon, 04 Apr 2022 08:10:08 GMT https://live.paloaltonetworks.com/t5/general-topics/tcp-source-port-pass-firewall-vulnerability/m-p/477874#M103706 SubaMuthuram 2022-04-04T08:10:08Z https://live.paloaltonetworks.com/t5/general-topics/tcp-source-port-pass-firewall-vulnerability/m-p/478468#M103763 <P>Make sure that all your filtering rules are correct and strict enough. If the<BR />firewall intends to deny TCP connections to a specific port, it should be<BR />configured to block all TCP SYN packets going to this port, regardless of the<BR />source port.</P><P>&nbsp;</P><P>Have you configured the FW to utilize PANW best practices for Zone and Dos Protections?</P><P><A href="https://docs.paloaltonetworks.com/best-practices/10-0/dos-and-zone-protection-best-practices" target="_blank">https://docs.paloaltonetworks.com/best-practices/10-0/dos-and-zone-protection-best-practices</A></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 05 Apr 2022 20:05:15 GMT https://live.paloaltonetworks.com/t5/general-topics/tcp-source-port-pass-firewall-vulnerability/m-p/478468#M103763 S.Cantwell 2022-04-05T20:05:15Z