Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How to turn off FTP port in new Cisco RV

Hi everyone,

I just installed a new Cisco RV325 router/firewall and everything is working fine. I then did a port scan from the WAN side just to see what ports were open and I was surprised to see FTP on port 21 and RealServer on port 7070. I wasn't able to FTP in (the connection was dropped immediately) but I would rather close off that port completely so that is not visible to a port scan.

Can you point me to the part of the documentation that turns off external services? I found "Block WAN request" and that makes the router not reply to pings but I don't see anything specifically for FTP.

Thanks,

Jeff

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Thank you for the information

Thank you for the information.

If you want to explicitly deny FTP traffic to come inside the network then this is what you have to do:

- Go to Firewall, Access rules and then click on add

Action: Deny

Service: FTP

Source Interface: WAN

Source IP: Any

Destination IP: Any

And click save at the bottom.

This way you are explicitly denying any FTP access to the network.

If after configuring this rule on the router you test the ports and they still show open then the issue is definitely somewhere else and no on the router.

I hope this helps.

 

3 REPLIES
Silver

Hello, I'm sorry you are

Hello, 

I'm sorry you are having issues with the device.

I will have to say that I find it very odd as all the ports are closed by default unless somebody explicitly goes and create rules inside the router to open them.

Could you verify that you do have a public IP address on the WAN port of the RV325? It is very likely that the scan is reporting ports open on your modem and not the router itself.

Please let us know.

 

New Member

Hi there,I do have a static

Hi there,

I do have a static IP address on the device. Let's say it is 8.8.8.8 (which it not of course). That is the public routable address not an internal one.

When I use nmap it shows that the FTP port is open. This could mean that it actually is open or as you said it is closed and the Comcast Business router right before it is open. 

When I try FTP from Windows it says :

connecting to 8.8.8.8

and then immediately

connection closed by foreign host.

So I am just trying to be sure it is not actually open.

Thanks,

Jeff

 

Silver

Thank you for the information

Thank you for the information.

If you want to explicitly deny FTP traffic to come inside the network then this is what you have to do:

- Go to Firewall, Access rules and then click on add

Action: Deny

Service: FTP

Source Interface: WAN

Source IP: Any

Destination IP: Any

And click save at the bottom.

This way you are explicitly denying any FTP access to the network.

If after configuring this rule on the router you test the ports and they still show open then the issue is definitely somewhere else and no on the router.

I hope this helps.

 

97
Views
0
Helpful
3
Replies
CreatePlease to create content