Stopping connections on IKE/500 except from remote S2S IP

TZ400W v6.5.4.11-97n

Cyberinsurance provider does routine port scans against WAN IPs associated with the hosts in the external DMZ zone. They are now complaining that IKE/500 on the TZ is open to the Internet. We have a S2S IPSec VPN to a remote site, so no choice that I know of except to keep 500 open.

I modified the auto-added inbound IKE rule to allow connections only when the source is the remote site's WAN subnet.

Requested another scan from cyberinsurance. They say the port's still open.

I've asked for clarification of their requirements. But meantime, is there anything else I'd need to do to keep IKE/500 from being abused by the bad guys other than restrict connections from the remote WAN subnet?

TIA


Best Answer

  • MustafaA (SonicWall Employee)

    @JRVcst, if you have narrowed down the source of the WAN to WAN Access Rule for the IPSec communication, you should be good. Make sure the priority is set correctly or there is no additional Access Rule which allows this unwanted traffic.
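The priority and extra-rule check described in the answer above, as an added example that is not part of the thread and not SonicWall code. It assumes a simplified first-match rule model in which the lowest priority number is evaluated first; the `Rule` fields, the function names and the sample rule sets are hypothetical and are not a SonicOS export format.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int  # assumption: lowest number is evaluated first, first match wins
    source: str    # CIDR; "0.0.0.0/0" stands for Any
    service: str   # "IKE" (UDP/500) or "Any"
    action: str    # "allow" or "deny"

def _ordered(rules):
    return sorted(rules, key=lambda r: r.priority)

def first_match(rules, src_ip, service="IKE"):
    """Rule that decides a packet from src_ip, or None for the implicit deny."""
    ip = ipaddress.ip_address(src_ip)
    for r in _ordered(rules):
        if r.service in (service, "Any") and ip in ipaddress.ip_network(r.source):
            return r
    return None

def ike_exposure(rules, peer_net):
    """Allow rules that still admit IKE from sources outside peer_net."""
    peer = ipaddress.ip_network(peer_net)
    ordered, findings = _ordered(rules), []
    for i, r in enumerate(ordered):
        net = ipaddress.ip_network(r.source)
        if r.action != "allow" or r.service not in ("IKE", "Any") or net.subnet_of(peer):
            continue
        # A higher-priority deny covering the same sources makes the rule unreachable.
        shadowed = any(e.action == "deny" and e.service in ("IKE", "Any")
                       and net.subnet_of(ipaddress.ip_network(e.source))
                       for e in ordered[:i])
        if not shadowed:
            findings.append(r)
    return findings

# Constructed sample data (documentation address ranges, not from the thread).
PEER = "203.0.113.0/29"
LEFTOVER = [Rule(1, PEER, "IKE", "allow"), Rule(2, "0.0.0.0/0", "IKE", "allow")]
FIXED = [Rule(1, PEER, "IKE", "allow")]
MISORDERED = [Rule(1, "0.0.0.0/0", "IKE", "deny"), Rule(2, PEER, "IKE", "allow")]

if __name__ == "__main__":
    for name, rules in (("leftover", LEFTOVER), ("fixed", FIXED), ("misordered", MISORDERED)):
        print(name, "exposed by:", ike_exposure(rules, PEER),
              "| peer decided by:", first_match(rules, "203.0.113.2"))
```

The `MISORDERED` set shows the other side of the priority check: a broad deny placed above the peer rule closes the port to everyone, the S2S peer included.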

Answers

  • JRVcst (Newbie ✭)

    @MustafaA, thanks! The auto-created inbound IKE rule is the only inbound IKE rule.

    And, yes, I'd think that would be all that would be needed, too.

    When the cyberinsurance carrier gets back to me with specific findings and requirements, I'll post here if I can't figure out how to meet them. Unfortunately, my past experience with them is that there will be no way to meet them. But we'll see.
