03-23-2012 10:01 AM - edited 03-04-2019 03:46 PM
I have a site that is connected to the internet via T1 into a 2811 running C2800NM-ADVENTERPRISEK9-M, Version 12.4(11)X. I have noticed that when I do a port scan on the outside NAT pool I see well-known ports in the closed state, i.e. 7, 21, 22, 23, 25, 99, 100, 80, 443. These pools are for end users to access the internet. Does this pose a security risk? What can I change to provide end user access to the web but not leave these well-known ports open?
03-23-2012 11:23 AM
Then in that case it's correct behavior, as it creates a state-table kind of translation table only when traffic is originated inside. All outside-originated traffic trying to come inside will be blocked. Only if you have static NAT configured for servers hosted in the environment (highly unlikely without a firewall appliance these days) will you see the scan showing open results.
If the inside users are using the web as desired, then all looks good from what you say.
Plz let me know if this was useful.
03-23-2012 10:16 AM
I may not understand your question, but if the port is closed then that's ok. There's no security risk if the port is closed, and it depends on the scanner that you're using and with what options on how the scanner reports back. What are you using to scan?
03-23-2012 10:47 AM
I am using the SolarWinds port scanner built into the engineer toolkit.
03-23-2012 10:40 AM
Do you mean that when you scanned from outside you couldn't see that the mentioned ports are open?
If yes, then that is normal behavior for dynamic NAT to function, as an entry is created only when an active connection is established from "Inside" to "Outside". So traffic originating from outside will have no chance to come in, and hence you are observing the ports to be closed.
Plz let me know if this is what you wanted to know.
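To make the translation-table behavior described in this reply (and in the accepted answer) concrete, here is an added example that is not from the thread or from Cisco: a minimal Python model of dynamic NAT overload with an optional static NAT entry, probed from the outside the way the original poster's scanner would. All addresses and ports are constructed sample values.

```python
# Added example: model of dynamic NAT (overload) to show why an outside port
# scan of the NAT pool reports ports as closed. All addresses are constructed.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class DynamicNat:
    """Translation entries exist only for flows initiated from inside."""

    def __init__(self, pool_ip: str, static: Optional[Dict[int, Tuple[str, int]]] = None):
        self.pool_ip = pool_ip
        self.next_port = 1024
        # (inside_ip, inside_port, outside_ip, outside_port) -> global port
        self.table: Dict[Tuple[str, int, str, int], int] = {}
        # Optional static NAT: global port -> (inside_ip, inside_port)
        self.static = static or {}

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: create (or reuse) a translation entry."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return Packet(self.pool_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: forward only if an entry (or static NAT) matches."""
        if pkt.dst_ip != self.pool_ip:
            return None
        for (in_ip, in_port, out_ip, out_port), gport in self.table.items():
            if (pkt.src_ip, pkt.src_port, pkt.dst_port) == (out_ip, out_port, gport):
                return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port)
        if pkt.dst_port in self.static:  # a static NAT exposes a hosted server
            in_ip, in_port = self.static[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port)
        return None  # dropped: the scanner reports the port as closed


def scan(nat: DynamicNat, scanner_ip: str, ports) -> Dict[int, str]:
    """Probe the pool address from outside; report open/closed per port."""
    return {p: "open" if nat.inbound(Packet(scanner_ip, 40000 + p, nat.pool_ip, p)) else "closed"
            for p in ports}
```

Running `scan` against a pool with only dynamic entries returns "closed" for every well-known port; only a static NAT entry makes a port show as "open".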
03-23-2012 11:18 AM
I am scanning the external IP addresses from the outside and they are showing up as "closed". Most of the IP addresses show "not responding".
03-23-2012 11:38 AM
OK, just wanted to be sure. Thanks!