Reflexion will be End-of-life on March 31,2023. See Sophos Reflexion EoL FAQs to learn more.
Hi Guys, hi Sophos ....
Why is Telnet on Port 23 on WAN open?
This tcpdump: Did you do it on port 23?
Try: tcpdump -ni any port 23
__________________________________________________________________________________________________________________
Yes.
tcpdump -i Port2 port 23
and this is from Log...
Update:
we are under heavy attacks.
The DNAT Rule does not match. What Service is answering here?
So i tried this with a couple of Firewalls. None had Port23 open.
Telnet was a old setting from V17.0 (if i remember correctly).
Please check the tcpdump of all ports to verify the appliance is actually answering.
Is this installation / backup old?
This is a NEW firewall. Installed yesterday.
Can you provide us/me your access ID?
Hi,
I provided the access key in the Support Case: 06220855
Hello Guenter,
Thank you for the Case ID, I have found the Access ID.
We’re currently checking the device.
Regards,
Do you see this telnet traffic in firewall log? If so, which firewall rule is it matching?
I suspect you have a firewall rule forwarding/allowing the telnet traffic from WAN to SFOS.
GES has found that somebody has configured "Appliance Access" to be enabled; this will cause all the ports to accept incoming traffic.
console> sys appliance_access showAppliance access enabled.
To disable this, you can run
console> sys appliance_access disable
Some misunderstanding by me.
After running
console>sys appliance_access disable
closes the open Port.
But, WHY is there no warning in the GUI? This should be. This is a very dangerous setting which underruns some rules.
Hello,
When you run the command via the console to enable it, it warns you about what is going to happen:
"This will override the configured Appliance Access and allow access to all the services. All internet traffic will be dropped."
The documentation states, "Allows you to override or bypass the configured device access settings and allow access to all the Sophos Firewall services."
This setting isn’t meant to be left turned on and only used in "emergency" situations when you have let yourself out of the firewall.
But I will pass your feedback to PM about having a banner or alert when this setting has been enabled.