DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2930 - Allow management from the Internet - Can't Disable!
- garethrees
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 23
- Thank you received: 0
07 Feb 2010 18:17 #60402
by garethrees
2930 - Allow management from the Internet - Can't Disable! was created by garethrees
Hello,
I've just setup a new 2930 and configured it so that 'Allow management from the Internet' is disabled, however when I port scan from outside (via the internet) port 443 is open and available to login to the admin interface.
Has anyone else experienced the same problem?
I've just setup a new 2930 and configured it so that 'Allow management from the Internet' is disabled, however when I port scan from outside (via the internet) port 443 is open and available to login to the admin interface.
Has anyone else experienced the same problem?
Please Log in or Create an account to join the conversation.
- voodle
- Offline
- Big Contributor
Less
More
- Posts: 1139
- Thank you received: 0
07 Feb 2010 21:47 #60407
by voodle
Replied by voodle on topic 2930 - Allow management from the Internet - Can't Disable!
That's the SSL VPN port, if you've got the latest firmware, you can change that under SSL VPN and General Setup.
Please Log in or Create an account to join the conversation.
- garethrees
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 23
- Thank you received: 0
07 Feb 2010 22:15 #60408
by garethrees
Thanks for the reply, does the SSL VPN port usually show the normal login page when you https:// to it?
Replied by garethrees on topic 2930 - Allow management from the Internet - Can't Disable!
That's the SSL VPN port, if you've got the latest firmware, you can change that under SSL VPN and General Setup.Voodle wrote:
Thanks for the reply, does the SSL VPN port usually show the normal login page when you https://
Please Log in or Create an account to join the conversation.
- voodle
- Offline
- Big Contributor
Less
More
- Posts: 1139
- Thank you received: 0
07 Feb 2010 22:28 #60409
by voodle
Replied by voodle on topic 2930 - Allow management from the Internet - Can't Disable!
It does, yes, but you shouldn't be able to log in for remote management when you do that, only with a username / password set up for a dial-in user with SSL VPN enabled.
Please Log in or Create an account to join the conversation.
- garethrees
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 23
- Thank you received: 0
08 Feb 2010 07:11 #60413
by garethrees
Replied by garethrees on topic 2930 - Allow management from the Internet - Can't Disable!
Thanks again, this is interesting I've tried logging in on the external IP https://x.x.x.x/ and I get a webpage weblogin.htm which allows me to login in as admin and change the firewall settings, however the VPN user/password does not.
I then changed the SSL VPN General Setup port from 443 to 444 and tried tohttps://x.x.x.x:444/ and it times out, prob because Web VPN is not enabled.
Will investigate more and post results.
I then changed the SSL VPN General Setup port from 443 to 444 and tried to
Will investigate more and post results.
Please Log in or Create an account to join the conversation.
- garethrees
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 23
- Thank you received: 0
08 Feb 2010 13:53 #60420
by garethrees
Replied by garethrees on topic 2930 - Allow management from the Internet - Can't Disable!
Doing a little more testing from outside the firewall it seams that even with the following settings you CAN manage the firewall from the internet.
If you https:// then you get access to the Web Login page for managing the firewall. (The same one you get internally)
If I change the WEB VPN to 444 then the Admin login times out but is not available on port 444 ??? I would of expected the page to move to 444.
I think I will raise a bug against this with Draytek.
As a security work around I've set a port forward 443 to a dummy location, so that you cannot access the Web Based Management from the internet.
If you https://
If I change the WEB VPN to 444 then the Admin login times out but is not available on port 444 ??? I would of expected the page to move to 444.
I think I will raise a bug against this with Draytek.
As a security work around I've set a port forward 443 to a dummy location, so that you cannot access the Web Based Management from the internet.
Please Log in or Create an account to join the conversation.
Moderators: Sami
Copyright © 2024 DrayTek