This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why is port 25 open over VPN?

We have setup an IPsec VPN connection on an XGS 116 and want it to be as restrictive as possible, only allowing RDP traffic to a single PC.

I used a port scanner on the IP address of the PC and it reported that port 25 (SMTP) was open but all others were closed. Why is this?

I tried adding a firewall rule to block port 25 over the VPN and the connection attempts are listed as being denied in the firewall log but the port still shows as open in the port scanners.

This thread was automatically locked due to age.

Top Replies

Alan Spark over 2 years ago in reply to LHerzog +1 suggested

Thanks, it was the "Auto added firewall policy for MTA" rule that was allowing it for any source. I changed it to allow any except from VPN.

0 LHerzog over 2 years ago

probably maybe you have SMTP Relay enabled on your WAN (or other Zone) Zone in Administration>Device Access?

edit: sorry, it wasn't about the XG, it was about a computer. But maybe related to SMTP Relay anyway?
Cancel
Vote Up 0 Vote Down

Cancel
0 LHerzog over 2 years ago in reply to LHerzog

have you done a packet capture for Port 25 in diagnostic section of Webadmin?

you should see the rule and NAT rule that is handling the traffic.
Cancel
Vote Up 0 Vote Down

Cancel
0 Alan Spark over 2 years ago in reply to LHerzog

Thanks, it was the "Auto added firewall policy for MTA" rule that was allowing it for any source. I changed it to allow any except from VPN.
Cancel
Vote Up +1 Vote Down

Cancel