- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-08-2021 12:32 PM - edited 02-08-2021 12:35 PM
I have this odd issue whereas one of HA Pairs seems to be listening on 443 on its outside interface for GP but I don't use GP and never had. I have a interface profile that allows HTTPS but not from any IP and when I disable that it still shows that page. no GP portal configured either.
How can I stop it from listening on 443 for any source IP?
02-09-2021 01:06 AM
There's a couple of thing that could cause the firewall to 'listen' on the external interface:
- don't enable a management profile on the external interface (even for valid remote admin, set one on the internal interface and apply NAT + security rules)
- is there an inbound rule with a url filtering profile/are response pages enabed on the external interface
- is there an inbound nat rule that's not set properly
- is there an authentication/captive portal rule active that may have been set too wide (any)
02-16-2021 07:55 AM
It was a lingering GP profile on Panorama pointing to one of the stack templates for this HA pair. Once I removed it that message went away. And FWIW if you have a management profile on an outisde interface and its locked down to source IPs then non-source IPs wont see that port open whereas they do with a GP profile.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!