Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Service Object / PCI Compliance issue

I have a TZ400 and updated to latest firmware.

I have a camera in office. I have added a service object / cam services on port 81.

When I run PC! scan, it fails and says ...

CGI: HTTP Security Header Not Detected : 81 / tcp

CGI: Session Cookie Does Not Contain the "Secure" Attribute: 81 / tcp

There is no issues on scan and port 81, on web server, web application, information gathering,

Please help of what I can do so PCI scan does not fail

Category: Firewall Management and Analytics
Reply

Answers

  • Hi @MIKE11224466,

    Thank you for visiting SonicWall Community.

    Seems like the PCI scan is failing for your camera on port TCP 81 since the port is opened on the firewall. The firewall will pass the traffic on TCP 81 to the camera. This scan failure needs to be fixed at the camera side. There should be some setting on the camera that you can check with the camera support and have this fixed.

    Hope this helps. Please let me know if any questions or clarifications.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • I tried on camera side and there was no settings to do that..
    I feel under service object or another place should be able to inject http??
  • Hi @MIKE11224466,

    Service object in the SonicWall will act as an interface to enforce the port numbers to the policies such as NAT, Access rule, etc,., In SonicWall, we have allowed port TCP 81 to the camera. So traffics destined to the camera is allowed by the SonicWall after validation. The request/response on TCP 81 is dealt by the camera therefore.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Would be possible to close port 81 easily and temporarily to pass compliance?
  • Hi @MIKE11224466,

    Yes, set the access rule to block the port TCP 81 for time being when the scan is performed and after procuring the results, please set the rule back to allow for camera access.

    Hope this helps.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Thanks 🙏
    Can you tell me steps exactly how to do this please?
    I appreciate your help
  • @MIKE11224466 - Could you please share the "Zone" (LAN or any custom zone) of your camera located behind the firewall? Also, please share the address object name of your camera IP address on the SonicWall. I can give you the precise steps.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Mike11224466Mike11224466 Newbie ✭
    Thanks
    Address Object name: CAMERA
    Zone: LAN
    Type: Host
Sign In or Register to comment.