Re: Should I open port 50 on my firewall
From: T. Sean Weintz (strap_at_hanh-ct.org)
Date: 09/30/04
- Next message: Mike Firelli: "Sygate personal firewall requires Internet Explorer?"
- Previous message: wayne: "connect to another computer on our network"
- In reply to: Tigger: "Should I open port 50 on my firewall"
Date: Thu, 30 Sep 2004 17:34:21 -0400
Tigger wrote:
> We have two groups of people setting up an SA to our sonicwall. One
> has been successful without changing any access rules in the
> sonicwall.
> The other could not create a vpn tunnel without creating an access
> rule that looks like this:
>
> IPSEC (ESP) [0,50]
> Source (the remote ip address of the VPN) WAN
> Destination *
>
> Would a rule like this compromise our LAN and/or firewall in any way?
> It has always been my experience that we didn't have to open up any
> ports or create any services on our Sonicwall.
> Any thoughts would be appreciated.
Couple of things:
#1 - that's not PORT 50, that's IP Protocol 50.
#2 - you should not have to do this. Especially the "*" destination.
Something is obviously different between how the two groups are setting
things up. Look into that.
#3 - you do not want to create that rule. It will allow anyone with a
public address or a 1 to 1 natted public address on your lan to set up
their own rogue VPN.
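
The distinction in point #1, as an added example that is not part of the original post: the sketch below parses two constructed IPv4 packets to show that "50" in a TCP header is a destination port, while ESP is IP protocol number 50 and carries an SPI instead of ports. The function names and the documentation addresses (RFC 5737) are assumptions made for illustration, and `is_esp_rule_match` is a simplified stand-in for the quoted rule, not SonicWall's rule engine.

```python
import socket
import struct

# IANA protocol numbers relevant to the thread.
PROTO_NAMES = {6: "TCP", 17: "UDP", 50: "ESP"}

def build_ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (constructed sample; checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def classify(packet):
    """Return the fields a packet filter can match on for this packet."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # IP protocol number field
    info = {"ip_protocol": proto, "name": PROTO_NAMES.get(proto, "other"),
            "dst_port": None, "spi": None}
    body = packet[ihl:]
    if proto in (6, 17):
        # TCP and UDP both begin with source port, then destination port.
        info["dst_port"] = struct.unpack("!HH", body[:4])[1]
    elif proto == 50:
        # ESP begins with a 32-bit SPI and a sequence number; it has no ports.
        info["spi"] = struct.unpack("!I", body[:4])[0]
    return info

def is_esp_rule_match(packet, allowed_src):
    """Hypothetical model of the quoted rule: protocol 50, one source, any destination."""
    return packet[9] == 50 and socket.inet_ntoa(packet[12:16]) == allowed_src

# Constructed samples: a TCP SYN to port 50, and an ESP packet.
tcp_to_port_50 = build_ipv4(6, "198.51.100.7", "203.0.113.10",
                            struct.pack("!HHIIHHHH", 40000, 50, 0, 0, 0x5002, 1024, 0, 0))
esp_packet = build_ipv4(50, "198.51.100.7", "203.0.113.10",
                        struct.pack("!II", 0x1000ABCD, 1) + b"\x00" * 16)

if __name__ == "__main__":
    for pkt in (tcp_to_port_50, esp_packet):
        print(classify(pkt), is_esp_rule_match(pkt, "198.51.100.7"))
```

Because the modelled rule has a "*" destination, the ESP packet matches regardless of which inside address it is sent to, which is the exposure point #3 describes.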