Configure Open Port at NGAF 10

Arie_Tekoz Lv1Posted 11 May 2023 09:07

Hi All,

Could you help me to solve this vulnerabillites regarding open port like below?
for a detail
I already create policy to blocking RDP, SSH & SMB Port, but the result still 145 open port in the NGAF.
there is bug or we need adjust some policy to fix this open port?

My policy created

39370645c3f380b2b8.png (6.6 KB, Downloads: 502)

39370645c3f380b2b8.png

rivsy has solved this question and earned 30 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins, 10 coins of bounty and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

SSH 22 is a web brute force attack on the specific port. The intruder or someone is trying to pick up or get the login/password to some account or service
Is this answer helpful?
rivsy Lv5Posted 15 May 2023 09:46
  
SSH 22 is a web brute force attack on the specific port. The intruder or someone is trying to pick up or get the login/password to some account or service
Jhazz Lv3Posted 15 May 2023 10:17
  
this is a brute force attack that is being blocked
Arie_Tekoz Lv1Posted 15 May 2023 11:43
  
Yes there is has been blocked by our policy, but in the dashboard still have detected this port is vulnerable.


Farina Ahmed Lv5Posted 15 May 2023 14:19
  
If you have created a policy to block RDP, SSH, and SMB ports, but you still see 145 open ports in your NGAF (Next-Generation Application Firewall), there could be several reasons for this:

Incorrect Configuration: Double-check your policy configurations to ensure that the rules are correctly set to block the desired ports. Verify that the rule conditions, such as source and destination IP addresses, port numbers, and protocols, are accurately defined.

Port Scanning: The open ports you see in the NGAF could be the result of port scanning activities. Port scanning is a technique used to discover open ports on a network. It's possible that the NGAF is detecting the port scanning attempts rather than actual open ports on your network. In such cases, the NGAF may report the detected scanning activities as open ports.

Port Forwarding: Check if there are any port forwarding configurations in your network environment. Port forwarding can redirect incoming traffic from external ports to internal devices, bypassing the NGAF. If port forwarding is in place, the NGAF may not be able to block the traffic on those ports.

Firmware or Software Issues: Ensure that your NGAF device has the latest firmware or software updates installed. Sometimes, vulnerabilities or bugs in the NGAF firmware or software can cause incorrect reporting of open ports or interfere with the effectiveness of blocking policies. Updating to the latest version can help resolve such issues.

Misconfiguration or Policy Conflicts: Review your overall NGAF configuration and policy setup. It's possible that there might be misconfigurations or conflicts in other policies that are allowing certain ports to remain open. Make sure there are no conflicting policies or exceptions that are overriding your blocking rules.
Zonger Lv5Posted 15 May 2023 14:43
  
SSH 22 is a web brute force attack on the specific port. The intruder or someone is trying to pick up or get the login/password to some account or service
CLELUQMAN Lv4Posted 15 May 2023 14:44
  
try to disable the port in the device, see if it still appear . u have do the policy to block all the port there ,so it should not be any issue
Faisal Piliang Posted 16 May 2023 12:21
  
Hi,

You can try go to Policies > Add Policies > Click Service from dropdown > Select port that you wanted or Add Custom Port.

Thanks
RegiBoy Lv5Posted 17 May 2023 12:01
  
You may tighten the policy even more by defining specific rules that allow only authorized IP addresses to access the ports and enabling intrusion prevention systems (IPS) to detect and prevent brute force assaults.
MISMIS Lv3Posted 17 May 2023 12:06
  
Firmware or software issues: Make sure your NGAF device has the most recent firmware or software upgrades. Vulnerabilities or flaws in the NGAF firmware or software can sometimes result in false reporting of open ports or interfere with the effectiveness of blocking rules. Updating to the most recent version can assist in resolving such situations.

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders