CVE-2024-24919 IOCs / VPN s2s

Does anyone know of IOCs?

Patching closes the door but still hard to know.

Port 264 is opened by the global option « Accept control connections » and in VSX, for some reason, the port opens on every VS! Not only the ones actually doing VPN. Not very secure.

Anyways, if you want to manually open only the needed ports, the global option needs to be disabled and then every VPN community needs to be modified.

Port 264 is fw1_topo, which is used by remote access clients to download the topology from the GW.

I don't understand what you are trying to get at here.

Read the SK. An attacker can read the device LDAP login, local users attached to the VPN, and they request you regenerate all of the certs on the firewall. Your IOCs are all of that used against you.

There’s an IPS protection for it.

Port 264 isn't involved in that, it's on the base HTTP server that serves the CRL.

If you are using only site-to-site VPN communities and not remote access, you cannot disable this global option.

On a multidomain setup, global options are… well… global, so there is no way to disable this without having to manually create rules to replace the implied rules.

I am looking at perimeter gateways on a VS filtering outgoing traffic, which don't even have the VPN blade active, allowing connections on this port, not only on vs0 but on all of the VSs!

Turn off remote access control connections.