Risky ports

L1 Bithead

Risky ports

What are the risky ports we should not allow from user zone (internal network) to external network (internet / external network)? Like we don't allow 21/23 etc, please suggest other ports too.....

L5 Sessionator

Re: Risky ports

Go the other way, only allow 80, 443 and maybe few others on explicit requests. And implement app policy.

L1 Bithead

Re: Risky ports

I think 80 is also should not be allowed, we used to allow http/https app id instead of ports but what are the most critical ports we should allow anyhow like 21/23.

Community Manager

Re: Risky ports

in the new age of Next Generation firewalls, ports do not matter as much as they used to

 

today a lot more protocols and applications use port 80 and 443 where older, more traditional, protocols would use their own port

 

App-ID will assist tremendously in identifying exactly what is traversing the firewall, versus simply monitoring the ports

each application comes with "application default" ports which will also help to close off 'unusual' ports

 

So if you create, for example, a rule that allows web-browsing, ssl and DNS and set the service ports to 'application default', only ports 80,443 and 53 will be 'open' for this rule

 

'threat' wise, ports 80 and 443 pose far more risks than any other ports combined, so leveraging App-ID with content scanning and threat protection would be a more secure route than relying on just ports


Help the community: Like helpful comments and mark solutions
Reaper out
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!