Forum Discussion

Pooja_Varekar208
Dec 23, 2024

ports are showing open on online scanning tool

In our case the F5 is sited as a front-facing device; both links are terminated on the F5 device, and incoming and outgoing traffic goes through our F5 DNS.


Incoming:  Client-->F5-->SW-->FW-->DMZ

Outgoing:  DMZ-->FW-->SW-->F5-->Client


We have enabled port lockdown “Allow none” for the self IP, so our concern is why these ports are showing as open on the online scanning tool.

Could you please confirm: do we need to implement any additional policies to block all ports for the public IP?


Thanks,

Pooja


  • Pooja_Varekar208 Are you positive you have "Allow none" on the public facing self and floating IPs? Are you positive that you have not configured a Virtual Server (VS) with either the floating or self IP? Other than those two items for LTM you shouldn't be listening on any particular port on the public facing self or floating IP. Can you share the scan results?

    • Pooja_Varekar208

      Paulius, thanks for your reply. As you mentioned, in our scenario, one condition is met: the self IP is configured as a virtual server. To resolve this, can we change the self IP during downtime?

      • Paulius

        Pooja_Varekar208 This depends on your overall configuration. At face value, you should be able to create a new virtual server (VS) the exact same way but with a different virtual IP to test, and then during a maintenance window you can remove the old VS and point everything to the new VS. For future reference, you should refrain from using the self or floating IPs as a VS because it can cause some issues, your security scan being one of them.
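An audit script for the two conditions Paulius asks about, added here as an example and not taken from the thread or from F5: it parses the output of `tmsh list net self` and `tmsh list ltm virtual destination` and flags any virtual server whose destination is a self or floating IP, plus any self IP whose port lockdown is not "Allow none". The sample output embedded below is constructed, its exact format is an assumption to verify against a real device, and IPv4 addresses without route domains are assumed.

```python
import re
# Constructed sample of `tmsh list net self` and `tmsh list ltm virtual destination`
# output (assumed format, IPv4 without route domains; check it against a real device).
SELF_OUTPUT = """\
net self /Common/external_self {
    address 203.0.113.10/24
    allow-service none
}
net self /Common/external_float {
    address 203.0.113.11/24
    allow-service default
}
"""
VIRTUAL_OUTPUT = """\
ltm virtual /Common/vs_https {
    destination /Common/203.0.113.10:443
}
ltm virtual /Common/vs_app {
    destination /Common/203.0.113.50:443
}
"""

def parse_selfs(text):
    """Map each self IP object to (address, port-lockdown setting)."""
    selfs = {}
    for m in re.finditer(r"net self (\S+) \{(.*?)\n\}", text, re.S):
        name, body = m.group(1), m.group(2)
        ip = re.search(r"address (\S+)", body).group(1).split("/")[0]  # drop the mask
        allow = re.search(r"allow-service (\S+)", body)  # 'none', 'default' or '{' (list)
        selfs[name] = (ip, allow.group(1) if allow else "default")  # absent assumed default
    return selfs

def parse_virtual_destinations(text):
    """Map each virtual server to the IP it listens on (partition and port stripped)."""
    vs = {}
    for m in re.finditer(r"ltm virtual (\S+) \{\s*destination (\S+)", text):
        vs[m.group(1)] = m.group(2).rsplit("/", 1)[-1].rsplit(":", 1)[0]
    return vs

def audit(self_text, virtual_text):
    """Flag a VS bound to a self/floating IP, and a self IP whose lockdown is not 'none'."""
    selfs = parse_selfs(self_text)
    by_ip = {ip: name for name, (ip, _) in selfs.items()}
    findings = []
    for vs_name, dest_ip in parse_virtual_destinations(virtual_text).items():
        if dest_ip in by_ip:
            findings.append(f"{vs_name} listens on self IP {by_ip[dest_ip]} ({dest_ip})")
    for name, (ip, allow) in selfs.items():
        if allow != "none":
            findings.append(f"{name} ({ip}) port lockdown is '{allow}', not 'none'")
    return findings
```

On a real unit, feed it the two tmsh outputs; an empty result means neither condition from the thread applies and the scan findings need another explanation.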

  • If ports are showing as open in an online scanning tool, it typically means that the system you're scanning (whether it's a server, network, or device) is accepting incoming connections on those ports. This could indicate potential security risks or might be necessary depending on the services you're running on the system. Here's how to handle this situation:

    Steps to Consider:

    1. Identify Open Ports and Services:
      • Review the ports that are open. Commonly open ports include 80 (HTTP), 443 (HTTPS), 22 (SSH), 21 (FTP), etc.