Hi Guys, hi Sophos ....
Why is Telnet on Port 23 on WAN open?
This tcpdump: Did you do it on port 23?
Try: tcpdump -ni any port 23
tcpdump -i Port2 port 23
and this is from Log...
we are under heavy attacks.
The DNAT Rule does not match. What Service is answering here?
So i tried this with a couple of Firewalls. None had Port23 open.
Telnet was a old setting from V17.0 (if i remember correctly).
Please check the tcpdump of all ports to verify the appliance is actually answering.
Is this installation / backup old?
This is a NEW firewall. Installed yesterday.
Can you provide us/me your access ID?
I provided the access key in the Support Case: 06220855
Thank you for the Case ID, I have found the Access ID.
We’re currently checking the device.
Do you see this telnet traffic in firewall log? If so, which firewall rule is it matching?
I suspect you have a firewall rule forwarding/allowing the telnet traffic from WAN to SFOS.
GES has found that somebody has configured "Appliance Access" to be enabled; this will cause all the ports to accept incoming traffic.
console> sys appliance_access showAppliance access enabled.
To disable this, you can run
console> sys appliance_access disable
Some misunderstanding by me.
console>sys appliance_access disable
closes the open Port.
But, WHY is there no warning in the GUI? This should be. This is a very dangerous setting which underruns some rules.