DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
SSL VPN failing PCI compliance scan
- jon2016
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
27 Jan 2016 12:17 #85180
by jon2016
SSL VPN failing PCI compliance scan was created by jon2016
Hi is it possible to close the SSL VPN port. I have removed the tick from "Enable SSL VPN service" but if I do a port scan the port is still open.
This causes the PCI compliance scan to fail with
Self Signed Certificate on port 443
SHA1 certificate on port 443
TLS 1.0 detected on port 443
This port needs to be closed, we do not use HTTPS or SSL VPN.
This causes the PCI compliance scan to fail with
Self Signed Certificate on port 443
SHA1 certificate on port 443
TLS 1.0 detected on port 443
This port needs to be closed, we do not use HTTPS or SSL VPN.
Please Log in or Create an account to join the conversation.
- admin
- Offline
- Site Admin
Less
More
- Posts: 1723
- Thank you received: 0
28 Jan 2016 09:22 #85181
by admin
Forum Administrator
Replied by admin on topic Re: SSL VPN failing PCI compliance scan
Have you also disabled remote management or HTTPS ?
Forum Administrator
Please Log in or Create an account to join the conversation.
- jon2016
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
28 Jan 2016 09:32 #85182
by jon2016
Replied by jon2016 on topic Re: SSL VPN failing PCI compliance scan
yes remote management is disabled. It is definitely the SSL VPN port that is causing the problem because if I change it to say 4433 with SSL VPN disabled it fails the PCI compliance test with port 4433 open! It seems that even with SSL VPN disabled the port is still open.
Please Log in or Create an account to join the conversation.
- dansw
- Offline
- Junior Member
Less
More
- Posts: 33
- Thank you received: 0
29 Jan 2016 11:51 #85202
by dansw
Replied by dansw on topic Re: SSL VPN failing PCI compliance scan
This is interesting as I have just started to use SSL VPN with our Draytek 2830, albeit on a differnt port from default, and the last Security Metrics PCI scan passed with it switched on.
Please Log in or Create an account to join the conversation.
- jon2016
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
29 Jan 2016 18:46 #85208
by jon2016
Replied by jon2016 on topic Re: SSL VPN failing PCI compliance scan
Yes we passed last time. They changed the rules in December, you cant use TLS 1.0, Certificates need to be SHA-2. We don't use SSL VPN but the port stays open even when its disabled!
Please Log in or Create an account to join the conversation.
- neilevans88
- Offline
- New Member
Less
More
- Posts: 2
- Thank you received: 0
08 Feb 2016 13:32 #85305
by neilevans88
Replied by neilevans88 on topic Re: SSL VPN failing PCI compliance scan
yes, I am experiencing the same issue. Router is a 2830. Although turned off and bound to WAN2. A scan on WAN1 still fails. You can also browse to the web interface as well. Regardless also if you change port numbers. Any thoughts how to fix? Currently our Security Metric PCI scan is failing because of this.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek