Hi, how can I reject or disable telnet on sophox xg or any device on our network? thanks

Hi Miguel Cruz 

On XG firewall device access allows you to limit administrative access to certain services from custom and default zones.

Please navigate to SYSTEM > Administration > Device Access > Local service ACL > Admin services > find Telnet and disable if it is enabled.

Thanks,

Thanks for your fast response, I just did that, but it keeps working (port 23 open)

Hi,

that would suggest you have a firewall rule allowing the connection.

Ian

Yes you right, i have a firewall rule "allowing" "any service", but, which services I would allow for common Internet use for a tiny office? (Surfing with Chrome, etc. nothing from Wan only local)

Yes you right, i have a firewall rule "allowing" "any service", but, which services I would allow for common Internet use for a tiny office? (Surfing with Chrome, etc. nothing from Wan only local)

Hi,

A majority of application use http/s, maybe imap/s and smtps.

So you create firewall rule using the web proxy for http and https, another one for imap/s and smtp/s do not enable scanning unless you have installed the XG CA. In the web proxy, choose allow all, application allow all, IPS LANtoWAN - log.

I assume you are running v18 GA so please add a firewall rule at the bottom Source LAN,WAN,WIF,VPN, DMZ  ->any -> destination WAN, LAN, WIFI, VPN, DMZ -> ANY -> Drop -> log , this will avow you to see other traffic.

Do you have any staff running VPN or similar?

Now I suspect that not all services will connect so you will need to add additional rules, please feel free to ask for further assistance.

ian

Thanks! Ill check that, we dont use vpn. I use the version SFVH (SFOS 17.5.10 MR-10)