Hello,

I've just setup a new 2930 and configured it so that 'Allow management from the Internet' is disabled, however when I port scan from outside (via the internet) port 443 is open and available to login to the admin interface.

Has anyone else experienced the same problem?

That's the SSL VPN port, if you've got the latest firmware, you can change that under SSL VPN and General Setup.

Voodle wrote: That's the SSL VPN port, if you've got the latest firmware, you can change that under SSL VPN and General Setup.

Thanks for the reply, does the SSL VPN port usually show the normal login page when you https:// to it?

It does, yes, but you shouldn't be able to log in for remote management when you do that, only with a username / password set up for a dial-in user with SSL VPN enabled.

Thanks again, this is interesting I've tried logging in on the external IP https://x.x.x.x/ and I get a webpage weblogin.htm which allows me to login in as admin and change the firewall settings, however the VPN user/password does not.

I then changed the SSL VPN General Setup port from 443 to 444 and tried to https://x.x.x.x:444/ and it times out, prob because Web VPN is not enabled.

Will investigate more and post results.

Doing a little more testing from outside the firewall it seams that even with the following settings you CAN manage the firewall from the internet.



If you https:// then you get access to the Web Login page for managing the firewall. (The same one you get internally)

If I change the WEB VPN to 444 then the Admin login times out but is not available on port 444 ??? I would of expected the page to move to 444.

I think I will raise a bug against this with Draytek.

As a security work around I've set a port forward 443 to a dummy location, so that you cannot access the Web Based Management from the internet.