
Hi, how can I reject or disable telnet on Sophos XG or any device on our network? Thanks

Using https://www.whatsmyip.org/port-scanner/, port 23 (telnet) is open. I don't find where or how to block it, thanks.



This thread was automatically locked due to age.
  • FormerMember

    Hi  

    On XG Firewall, device access allows you to limit administrative access to certain services from custom and default zones.

    Please navigate to SYSTEM > Administration > Device Access > Local service ACL > Admin services > find Telnet and disable if it is enabled.

    Thanks,

  • Thanks for your fast response, I just did that, but it keeps working (port 23 open)

  • Hi,

    that would suggest you have a firewall rule allowing the connection.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Yes, you're right, I have a firewall rule "allowing" "any service", but which services would I allow for common Internet use for a tiny office? (Surfing with Chrome, etc., nothing from WAN, only local)

  • Hi,

    A majority of applications use http/s, maybe imap/s and smtps.

    So you create a firewall rule using the web proxy for http and https, and another one for imap/s and smtp/s; do not enable scanning unless you have installed the XG CA. In the web proxy, choose allow all, application allow all, IPS LANtoWAN - log.

    I assume you are running v18 GA, so please add a firewall rule at the bottom: Source LAN, WAN, WIFI, VPN, DMZ -> any -> destination WAN, LAN, WIFI, VPN, DMZ -> ANY -> Drop -> log; this will allow you to see other traffic.

    Do you have any staff running VPN or similar?

    Now I suspect that not all services will connect so you will need to add additional rules, please feel free to ask for further assistance.

    ian


  • Thanks! I'll check that, we don't use VPN. I use the version SFVH (SFOS 17.5.10 MR-10)
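
The rule set suggested in the reply above, modelled as first-match evaluation and compared with the single "any service" rule (an added example, not part of the original thread and not Sophos code). Rule names, the zone model and the implicit default drop are assumptions made for illustration; the ports are the standard TCP assignments.

```python
from dataclasses import dataclass
from typing import Optional

# Standard TCP ports for the services named in the thread.
SERVICES = {"http": 80, "https": 443, "imap": 143, "imaps": 993,
            "smtp": 25, "smtps": 465, "telnet": 23}
ALL_ZONES = frozenset({"LAN", "WAN", "WIFI", "VPN", "DMZ"})
LAN, WAN = frozenset({"LAN"}), frozenset({"WAN"})
ANY = None  # wildcard: the rule matches every destination port


@dataclass(frozen=True)
class Rule:
    name: str                    # hypothetical rule name
    src: frozenset               # source zones
    dst: frozenset               # destination zones
    ports: Optional[frozenset]   # ANY or a set of TCP ports
    action: str                  # "accept" or "drop"
    log: bool = False


def ports(*names):
    return frozenset(SERVICES[n] for n in names)


def evaluate(rules, src, dst, port):
    """Top-down, first match wins. Assumption: unmatched traffic is dropped unlogged."""
    for r in rules:
        if src in r.src and dst in r.dst and (r.ports is ANY or port in r.ports):
            return r.action, r.name, r.log
    return "drop", "implicit default", False


# The original setup from the thread: one rule allowing any service.
ALLOW_ANY = [Rule("allow any service", LAN, WAN, ANY, "accept")]

# The suggested setup: web, mail, then an explicit drop-and-log rule at the bottom.
ALLOW_LIST = [
    Rule("web", LAN, WAN, ports("http", "https"), "accept"),
    Rule("mail", LAN, WAN, ports("imap", "imaps", "smtp", "smtps"), "accept"),
    Rule("drop and log", ALL_ZONES, ALL_ZONES, ANY, "drop", log=True),
]

if __name__ == "__main__":
    for label, rules in (("allow-any", ALLOW_ANY), ("allow-list", ALLOW_LIST)):
        for svc in ("https", "imaps", "telnet"):
            print(label, svc, evaluate(rules, "LAN", "WAN", SERVICES[svc]))
```

Moving the drop-and-log rule above the allow rules makes it match first, so web and mail traffic is dropped as well; it has to stay at the bottom.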