This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG fire wall was a cyberoam CR50ing open management port even when disabled on WAN

Hi we have an PCI compliance failure on a open port to the management console over http: from the WAN and management is disabled on the WAN. but the http port remains open I know its this as I change the port and it moves on a GRP check., I see its disabled in the next release but this is bad as I have disabled the inbound connection, what am I doing wrong

the site is failing PCI compliance and needs fixing. how can the port be open if I have disabled management on the wan.

the unit has the latest CR50iNG (SFOS 16.05.5 MR-5)

This thread was automatically locked due to age.

Parents

0 lferrara over 8 years ago

Jonathan,

are you checking the HTTPS on all the WAN interfaces? Pay attention if you have some DNAT, WAF rule that uses 443 port.

Regards
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 lferrara over 8 years ago

Jonathan,

are you checking the HTTPS on all the WAN interfaces? Pay attention if you have some DNAT, WAF rule that uses 443 port.

Regards
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Jonathan Leach over 8 years ago in reply to lferrara

No im not checking it, its off I want it off we will vpn in to manage, but the firewall responds to the wan with the http protocol weather its port 80 8080 or 8888 or whatwever I choose its responding to a PCI scan as an open port and it fails a scan.

let me confirm

the Tick box is off and http on whatever port responds to a connection. doesn't do anything just responds
Cancel
Vote Up 0 Vote Down

Cancel