Kyle Padilla Posted 17 May 2023 12:14
  
Disable the port on the device and see whether it still appears. You have implemented a policy to ban all ports there, therefore there should be no problem.
faysalji Lv3Posted 17 May 2023 12:30
  
If you have already created policies to block RDP, SSH, and SMB ports, but there are still open ports on your NGAF (Next-Generation Application Firewall), it is possible that there might be other factors causing the issue. Here are some steps you can take to investigate and resolve the open port vulnerabilities:

Verify your policies: Double-check your policies to ensure that they are correctly configured to block the desired ports (RDP, SSH, SMB). Make sure you have applied the policies correctly and they are active.

Review the policy order: Check the order of your policies to ensure that the blocking policies for RDP, SSH, and SMB ports are placed above any permissive or less restrictive policies. Policy order determines the priority of rules, so placing the blocking policies higher in the order ensures they are enforced before other rules.

Check for conflicting rules: Look for any conflicting or contradictory rules that might override your blocking policies. Sometimes, a permissive rule or an exception rule for specific IP addresses or subnets can unintentionally allow access to certain ports.

Review NAT configurations: If you have Network Address Translation (NAT) configured on your NGAF, check if there are any misconfigurations that might be exposing ports unintentionally. Ensure that NAT rules are properly configured and not redirecting traffic to unintended ports.

Perform a port scan: Use a port scanning tool or an external port scanner to verify the open ports on your NGAF. This will help you identify the specific ports that are open and potentially pinpoint any misconfigurations or overlooked policies.

Review system logs: Check the NGAF system logs for any relevant information or error messages related to the open ports. Logs might provide insights into why the blocking policies are not effective or if there are any issues with the NGAF configuration.

Update NGAF firmware: Ensure that your NGAF is running on the latest firmware version. Firmware updates often include bug fixes and security patches that can address known vulnerabilities.

Contact Sangfor support: If you have tried the above steps and are still experiencing open port vulnerabilities, it is recommended to reach out to Sangfor support. They can provide further assistance, review your specific NGAF configuration, and help troubleshoot any potential issues or bugs that might be causing the open port problem.

It's important to note that resolving open port vulnerabilities requires a comprehensive understanding of your network environment, NGAF configuration, and security policies. Working with Sangfor support or a qualified network security professional will ensure that the vulnerabilities are addressed effectively and your NGAF is properly secured.
Saimon Lv2Posted 17 May 2023 21:22
  
Network Address Translation (NAT) configured on your NGAF, check if there are any misconfigurations that might be exposing ports unintentionally. Ensure that NAT rules are properly configured and not redirecting traffic to unintended ports.
Naomi Posted 17 May 2023 21:25
  
If port forwarding is in place, the NGAF may not be able to block the traffic on those ports.
Adonis001 Lv3Posted 17 May 2023 21:27
  
Contact support if the issues persist

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders