Skip to main content

Remediation Steps

Follow the steps below to remediate this finding on Generic / Developer guidance.

  1. NAT-PMP (Port Mapping Protocol) allows devices on the local network to automatically configure port forwarding on NAT gateways. If detectable from a remote network, the gateway is misconfigured.

  2. Remediation:

    • Log in to your router or gateway administration interface.
    • Locate the NAT-PMP or UPnP settings (often under Advanced > NAT or Firewall > UPnP).
    • Disable NAT-PMP and UPnP entirely, or restrict them to the internal LAN interface only.
    • Ensure port UDP 5351 is blocked on the external (WAN) interface using your firewall.
Back to top