Halo Security Firewall Scanning is an external attack surface management tool that monitors internet-exposed ports and services on organizational firewalls. The tool performs agentless scanning from an external perspective to identify potential security exposures. The platform scans all 65,535 TCP ports and the top 1,000 UDP ports on a scheduled basis. It catalogs open ports and identifies the products and services running on them, including TLS cipher configurations for encrypted services. The tool uses risk indicators to highlight services that pose greater security risks and flags ports that are not typically exposed to internet traffic. For HTTP servers, the tool analyzes response codes, associated ports, HTTP headers, and geolocations. It identifies servers with no website, redirects, or missing CSS. The platform also maintains DNS record catalogs to help prevent domain takeovers and tracks Whois information for asset ownership insights. The tool includes an event tracking system that monitors configuration changes over time. Users can configure real-time alerts through email, Slack, or ticketing systems when new ports are opened or changes occur. The dashboard provides filtering and visualization capabilities for managing discovered assets and exposures. Firewall Scanning operates without requiring agent installation or configuration changes to monitored systems.