Configure Open Port at NGAF 10

Arie_Tekoz Lv1Posted 11 May 2023 09:07

Hi All,

Could you help me to solve this vulnerabillites regarding open port like below?
for a detail
I already create policy to blocking RDP, SSH & SMB Port, but the result still 145 open port in the NGAF.
there is bug or we need adjust some policy to fix this open port?

My policy created

39370645c3f380b2b8.png (6.6 KB, Downloads: 520)

39370645c3f380b2b8.png

rivsy has solved this question and earned 30 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins, 10 coins of bounty and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

SSH 22 is a web brute force attack on the specific port. The intruder or someone is trying to pick up or get the login/password to some account or service
Is this answer helpful?
Adonis001 Lv3Posted 17 May 2023 21:27
  
Contact support if the issues persist
Naomi Posted 17 May 2023 21:25
  
If port forwarding is in place, the NGAF may not be able to block the traffic on those ports.
Saimon Lv2Posted 17 May 2023 21:22
  
Network Address Translation (NAT) configured on your NGAF, check if there are any misconfigurations that might be exposing ports unintentionally. Ensure that NAT rules are properly configured and not redirecting traffic to unintended ports.
faysalji Lv3Posted 17 May 2023 12:30
  
If you have already created policies to block RDP, SSH, and SMB ports, but there are still open ports on your NGAF (Next-Generation Application Firewall), it is possible that there might be other factors causing the issue. Here are some steps you can take to investigate and resolve the open port vulnerabilities:

Verify your policies: Double-check your policies to ensure that they are correctly configured to block the desired ports (RDP, SSH, SMB). Make sure you have applied the policies correctly and they are active.

Review the policy order: Check the order of your policies to ensure that the blocking policies for RDP, SSH, and SMB ports are placed above any permissive or less restrictive policies. Policy order determines the priority of rules, so placing the blocking policies higher in the order ensures they are enforced before other rules.

Check for conflicting rules: Look for any conflicting or contradictory rules that might override your blocking policies. Sometimes, a permissive rule or an exception rule for specific IP addresses or subnets can unintentionally allow access to certain ports.

Review NAT configurations: If you have Network Address Translation (NAT) configured on your NGAF, check if there are any misconfigurations that might be exposing ports unintentionally. Ensure that NAT rules are properly configured and not redirecting traffic to unintended ports.

Perform a port scan: Use a port scanning tool or an external port scanner to verify the open ports on your NGAF. This will help you identify the specific ports that are open and potentially pinpoint any misconfigurations or overlooked policies.

Review system logs: Check the NGAF system logs for any relevant information or error messages related to the open ports. Logs might provide insights into why the blocking policies are not effective or if there are any issues with the NGAF configuration.

Update NGAF firmware: Ensure that your NGAF is running on the latest firmware version. Firmware updates often include bug fixes and security patches that can address known vulnerabilities.

Contact Sangfor support: If you have tried the above steps and are still experiencing open port vulnerabilities, it is recommended to reach out to Sangfor support. They can provide further assistance, review your specific NGAF configuration, and help troubleshoot any potential issues or bugs that might be causing the open port problem.

It's important to note that resolving open port vulnerabilities requires a comprehensive understanding of your network environment, NGAF configuration, and security policies. Working with Sangfor support or a qualified network security professional will ensure that the vulnerabilities are addressed effectively and your NGAF is properly secured.
Kyle Padilla Posted 17 May 2023 12:14
  
Disable the port on the device and see whether it still appears. You have implemented a policy to ban all ports there, therefore there should be no problem.
MISMIS Lv3Posted 17 May 2023 12:06
  
Firmware or software issues: Make sure your NGAF device has the most recent firmware or software upgrades. Vulnerabilities or flaws in the NGAF firmware or software can sometimes result in false reporting of open ports or interfere with the effectiveness of blocking rules. Updating to the most recent version can assist in resolving such situations.
RegiBoy Lv5Posted 17 May 2023 12:01
  
You may tighten the policy even more by defining specific rules that allow only authorized IP addresses to access the ports and enabling intrusion prevention systems (IPS) to detect and prevent brute force assaults.
Faisal Piliang Posted 16 May 2023 12:21
  
Hi,

You can try go to Policies > Add Policies > Click Service from dropdown > Select port that you wanted or Add Custom Port.

Thanks
CLELUQMAN Lv4Posted 15 May 2023 14:44
  
try to disable the port in the device, see if it still appear . u have do the policy to block all the port there ,so it should not be any issue
Zonger Lv5Posted 15 May 2023 14:43
  
SSH 22 is a web brute force attack on the specific port. The intruder or someone is trying to pick up or get the login/password to some account or service

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders