Incomplete Scanning


We have recently deployed new Cisco FTD in our environment, and as we tried to scan them (FTD) with the Rapid7 scanner, we are getting an incomplete status. The scan started and within 2 minutes it turned incomplete.
We are able to SSH successfully via the scan engine and locally. These FTDs are deployed on a Cisco chassis.
There are no restrictions placed, but we are still unable to scan them. The scan engine is also up and running.
Can someone please help me understand what the other reason could be?

You might want to pull the scan logs and open a ticket with support.

@brandon_mcclure Thanks for the reply. I have already opened a case with them.
This Cisco Firepower Threat Defense firewall is installed on the Cisco chassis itself (Docker container). Could that be the reason the scan engine is unable to scan?
We can manually SSH to the Cisco FTD by logging in to the scan engine. Also, during scanning, the scan engine can SSH too.
But when the scan engine tries to perform the vulnerability check and probe SSH, we get the connection timed out error (as explained by support).

2023-00-00T00:22:51 [WARN] [Thread: VulnerabilityCheckContext.performTests-1@X.X.X.X [Site: AD-HOC ] Scan:
[X.X.X.X:22] [Duration: 0:02:0] sonicwall-email-security-cve-2021-20025 (sonicwall-email-security-cve-2021-20025) -
running SSH service
java.lang.RuntimeException: Connection timed out

@brandon_mcclure @john_hartman Let me know if you can help me with this, or share any potential thoughts.
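The warning quoted in the post above is the one piece of hard evidence in the thread: the scan engine ran a SonicWall check (sonicwall-email-security-cve-2021-20025) against the Cisco target and the SSH probe timed out after two minutes. When pulling the full scan logs for a support case, it helps to summarise which checks timed out against which host rather than reading the WARN lines one by one. The following is an added example, not Rapid7 code: the record layout is inferred from the single line quoted above, not taken from any Rapid7 schema, and the sample log is constructed (the quoted record plus two made-up records with a made-up check id, example-check-a, on a made-up second host).

```python
"""Summarise timed-out vulnerability checks from Rapid7 scan engine log lines.

Added example, not Rapid7 code. The record layout (timestamp, level, thread,
[Site: ...], Scan: [host:port], [Duration: ...], check id, error text) is
inferred from the one WARN line quoted in the thread; all field names are
assumptions.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# A record starts with an ISO-8601 timestamp; any other line is treated as a
# continuation (the thread pasted the WARN wrapped across four lines).
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")

RECORD = re.compile(
    r"^(?P<ts>\S+)\s+\[(?P<level>[A-Z]+)\]"
    r".*?(?:\[Site:\s*(?P<site>[^\]]*?)\s*\]\s*)?"
    r"Scan:\s*\[(?P<host>[^:\]]+):(?P<port>\d+)\]"
    r"\s*\[Duration:\s*(?P<duration>[^\]]+)\]"
    r"\s*(?P<check>\S+)\s*\([^)]*\)"   # "check-id (check-id)"
    r"\s*-\s*(?P<detail>.*)$"
)

# Constructed sample: the quoted record, then two made-up records.
SAMPLE_LOG = """\
2023-00-00T00:22:51 [WARN] [Thread: VulnerabilityCheckContext.performTests-1@X.X.X.X [Site: AD-HOC ] Scan:
[X.X.X.X:22] [Duration: 0:02:0] sonicwall-email-security-cve-2021-20025 (sonicwall-email-security-cve-2021-20025) -
running SSH service
java.lang.RuntimeException: Connection timed out
2023-00-00T00:24:52 [WARN] [Thread: VulnerabilityCheckContext.performTests-2@X.X.X.X [Site: AD-HOC ] Scan: [X.X.X.X:22] [Duration: 0:02:0] example-check-a (example-check-a) - running SSH service java.lang.RuntimeException: Connection timed out
2023-00-00T00:25:10 [WARN] [Thread: VulnerabilityCheckContext.performTests-1@10.0.0.9 [Site: AD-HOC ] Scan: [10.0.0.9:22] [Duration: 0:00:3] example-check-a (example-check-a) - running SSH service java.lang.RuntimeException: Authentication failed
"""


@dataclass
class CheckEvent:
    ts: str
    level: str
    site: Optional[str]
    host: str
    port: int
    duration: str
    check: str
    detail: str

    @property
    def timed_out(self) -> bool:
        return "timed out" in self.detail.lower()


def join_records(text: str) -> list[str]:
    """Glue wrapped continuation lines back onto the record they belong to."""
    records: list[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_log(text: str) -> list[CheckEvent]:
    events = []
    for rec in join_records(text):
        m = RECORD.search(rec)
        if not m:  # not a check-context record; skip silently
            continue
        events.append(CheckEvent(
            ts=m["ts"], level=m["level"], site=m["site"], host=m["host"],
            port=int(m["port"]), duration=m["duration"].strip(),
            check=m["check"], detail=m["detail"].strip(),
        ))
    return events


def timeout_summary(events: list[CheckEvent]) -> dict[str, dict[str, int]]:
    """{host: {check_id: number_of_timeouts}} for checks that timed out."""
    per_host: dict[str, Counter] = defaultdict(Counter)
    for e in events:
        if e.timed_out:
            per_host[e.host][e.check] += 1
    return {h: dict(c) for h, c in per_host.items()}


def hosts_all_timed_out(events: list[CheckEvent]) -> list[str]:
    """Hosts where every parsed check timed out: the scan engine never got a
    usable SSH session from a check, which is the symptom in the thread."""
    by_host: dict[str, list[bool]] = defaultdict(list)
    for e in events:
        by_host[e.host].append(e.timed_out)
    return sorted(h for h, flags in by_host.items() if all(flags))


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for host, checks in timeout_summary(evs).items():
        print(host, checks)
    print("all checks timed out:", hosts_all_timed_out(evs))
```

Point it at the real scan log instead of SAMPLE_LOG; a host where every check times out while an interactive ssh from the same engine succeeds is the pattern to hand to support, together with the check ids involved.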

Doesn't make sense; it looks like a silent drop on the firewall, but if you can SSH from the box that disproves it.

Yes, I can SSH from the scan engine to this Cisco instance. I can also SSH using the service account username and password; it worked.

@john_hartman @brandon_mcclure Could you please confirm whether Rapid7 covers Cisco Firepower Threat Defense (FTD) under scanning coverage?
I am unable to find it in the coverage section.

I’m sorry, I do not know and don’t use it myself to confirm.

I am pretty sure you cannot scan the new FTD appliances with a username and password and elevated credentials. You can check with Rapid7, but I had this issue a while back. Cisco changed the back end of their appliances, and in order to elevate privilege you typically need MFA.

I had a support case opened on scanning FTD devices back in Oct 2022. Here is part of the reply:

Thank you for contacting Rapid7 Support! Unfortunately, the Rapid7 product is not currently capable of fingerprinting Cisco FTD devices, so we do not have any vulnerability coverage for these devices. Here are the Cisco devices we currently support:

Cisco AnyConnect
Cisco ASA
Cisco IOS
Cisco IOS XE
Cisco IOS XR
Cisco NX
Cisco SAN
Cisco TelePresence
Cisco Unified Computing System

If you’re ever curious about what is included in our recurring coverage, you can check that here: Recurring vulnerability coverage | InsightVM Documentation

Sometimes we do offer coverage on vulnerabilities outside of what’s on that list, and I see that a few other customers have requested fingerprinting and vulnerability coverage for Cisco FTD devices, but it looks like back in February of this year, our Product Management team said that coverage for these devices is not planned for the next 12 months.