DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

SSL VPN failing PCI compliance scan

27 Jan 2016 12:17 #85180 by jon2016
SSL VPN failing PCI compliance scan was created by jon2016
Hi, is it possible to close the SSL VPN port? I have removed the tick from "Enable SSL VPN service" but if I do a port scan the port is still open.
This causes the PCI compliance scan to fail with:
Self Signed Certificate on port 443
SHA1 certificate on port 443
TLS 1.0 detected on port 443
This port needs to be closed; we do not use HTTPS or SSL VPN.

28 Jan 2016 09:22 #85181 by admin
Replied by admin on topic Re: SSL VPN failing PCI compliance scan
Have you also disabled remote management or HTTPS?



Forum Administrator

28 Jan 2016 09:32 #85182 by jon2016
Replied by jon2016 on topic Re: SSL VPN failing PCI compliance scan
Yes, remote management is disabled. It is definitely the SSL VPN port that is causing the problem, because if I change it to, say, 4433 with SSL VPN disabled, it fails the PCI compliance test with port 4433 open! It seems that even with SSL VPN disabled the port is still open.

29 Jan 2016 11:51 #85202 by dansw
Replied by dansw on topic Re: SSL VPN failing PCI compliance scan
This is interesting, as I have just started to use SSL VPN with our DrayTek 2830, albeit on a different port from the default, and the last Security Metrics PCI scan passed with it switched on.

29 Jan 2016 18:46 #85208 by jon2016
Replied by jon2016 on topic Re: SSL VPN failing PCI compliance scan
Yes, we passed last time. They changed the rules in December: you can't use TLS 1.0, and certificates need to be SHA-2. We don't use SSL VPN but the port stays open even when it's disabled!

08 Feb 2016 13:32 #85305 by neilevans88
Replied by neilevans88 on topic Re: SSL VPN failing PCI compliance scan
Yes, I am experiencing the same issue. The router is a 2830. Although it is turned off and bound to WAN2, a scan on WAN1 still fails. You can also browse to the web interface as well, regardless of whether you change port numbers. Any thoughts on how to fix it? Currently our Security Metric PCI scan is failing because of this.


Moderators: ChrisSami
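
Added example, not part of any post in this thread and not DrayTek or scanner-vendor code: a Python check that reproduces the three findings quoted in the first post (self-signed certificate, SHA-1 certificate signature, TLS 1.0) against a listener on your own WAN address, so a configuration change can be verified before the next PCI scan. The function names and `sample_cert` are hypothetical; the sample is a constructed DER skeleton, not a real certificate, and "self-signed" is approximated as issuer equal to subject.

```python
import socket, ssl

# DER-encoded signatureAlgorithm OIDs (hex) whose hash is SHA-1.
SHA1_SIG_OIDS = {"2a864886f70d010105": "sha1WithRSAEncryption",
                 "2a8648ce3d0401": "ecdsa-with-SHA1",
                 "2a8648ce380403": "dsa-with-sha1"}

def _tlv(buf, pos):  # one DER element -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def cert_facts(der):
    """Return (signature OID as hex, issuer == subject) for a DER X.509 cert."""
    _, c0, _ = _tlv(der, 0)      # Certificate
    _, t0, t1 = _tlv(der, c0)    # tbsCertificate
    _, a0, _ = _tlv(der, t1)     # signatureAlgorithm follows tbsCertificate
    _, o0, o1 = _tlv(der, a0)    # its OID
    fields, pos = [], t0         # serial, sigalg, issuer, validity, subject
    while pos < t1 and len(fields) < 5:
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:          # skip the optional [0] version wrapper
            fields.append(der[pos:end])
        pos = end
    return der[o0:o1].hex(), fields[2] == fields[4]

def scan_findings(der, negotiated):
    sig_oid, self_issued = cert_facts(der)
    checks = [(self_issued, "Self Signed Certificate"),
              (sig_oid in SHA1_SIG_OIDS, "SHA1 certificate"),
              (negotiated == "TLSv1", "TLS 1.0 detected")]
    return [name for hit, name in checks if hit]

def probe(host, port, timeout=5.0):  # live check; a closed port raises OSError
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspection only: the cert is examined, not trusted
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return scan_findings(tls.getpeercert(binary_form=True), tls.version())

def sample_cert(sig_byte, issuer_cn="router"):
    """Constructed DER skeleton, not a real certificate; CNs must be 6 characters."""
    alg = "300d06092a864886f70d0101%02x0500" % sig_byte  # 0x05 SHA-1, 0x0b SHA-256
    name = lambda cn: "3011310f300d06035504030c06" + cn.encode().hex()
    tbs = "303a020101" + alg + name(issuer_cn) + "3000" + name("router")
    return bytes.fromhex("304e" + tbs + alg + "030100")
```

`probe` reports the protocol this client and the server settle on, so a client whose OpenSSL refuses TLS 1.0 fails the handshake instead of returning "TLS 1.0 detected". A refused or timed-out connection is the result the thread is after: the port is closed on that interface.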