01-13-2008 10:07 AM - edited 03-11-2019 04:47 AM
CISCO-PIX-515E:
I am NOT exposing port 445 to the internet (as I have no need or desire to do so and am well aware of the security issues)
- but I have noticed that one of my DMZ hosts (an SSL VPN Server) is trying to pass 445 traffic internally -
so my question is...is it also considered to be bad practice to allow port 445 traffic between a DMZ host and an internal host?
Externally we ONLY allow port 443 to the DMZ Server in question.
01-18-2008 01:16 PM
I don't think there is any harm in this since systems on DMZ can't access internal hosts directly.
01-18-2008 01:27 PM
This is the case that you have the SSL VPN Server configured for Windows Domain authentication. It is trying to use either port 139 (legacy) or port 445 (new) for authenticating users with Domain Authentication.
I do the same thing with my VPN concentrator.