User guide

Default Threat Protection
About blocked ports
You can block ports that you know are used to attack your network. This stops access to the specified
network services from external networks and protects your most sensitive services.
A blocked port takes precedence over every policy in your firewall configuration: traffic to that port is
dropped even if a policy would otherwise allow it. To block a port, see Block a port.
Default blocked ports
With the default configuration, the Firebox blocks some destination ports. This is a basic configuration that
you usually do not have to change. TCP and UDP packets sent to these destination ports are blocked:
X Window System (ports 6000-6005)
The X Window System (X11) client connection is not encrypted, so it is dangerous to expose it to the
Internet.
X Font Server (port 7100)
Many versions of X Window System run an X Font Server. On some hosts the X Font Server runs as the
super-user, so a flaw in it can give an attacker full control of the host.
NFS (port 2049)
NFS (Network File System) is a widely used TCP/IP service that lets many users share the same files
across a network. Versions of NFS have had serious authentication and security problems, and
exposing NFS to the Internet can be very dangerous.
rlogin, rsh, rcp (ports 513, 514)
These services give remote access to other computers, rely on weak host-based trust, and send
credentials and data unencrypted. They are a security risk, and many attackers probe for them.
RPC portmapper (port 111)
RPC clients query port 111 to find which ports a given RPC server uses. RPC services are easy to
attack from the Internet, and the portmapper tells an attacker where they are.
port 8000
Many vendors use this port for their products, and many security problems are associated with it.
port 1
The TCPmux service uses port 1, but it is rarely used. Blocking it makes it more difficult for port
scanners to fingerprint the Firebox.
port 0
This port is always blocked by the Firebox. You cannot allow traffic on port 0 through the Firebox.
The portmapper usually registers NFS on port 2049. Because the Firebox blocks the port number and not the
NFS RPC program itself, the default block protects only NFS servers that actually listen on port 2049. If you
use NFS, make sure that NFS uses port 2049 on all your systems.
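The following script is an added example and is not part of this guide or of the Firebox product. It encodes the default blocked-port list above and audits a host against it: it parses the output of `rpcinfo -p` to confirm that the NFS RPC program (100003) is registered on port 2049 and nowhere else, and parses the output of `ss -tuln` to report listeners that the perimeter would block by default. The command output is constructed inline so the script runs offline; on a real host you would feed it the live output of those two commands.

```python
"""Audit a host against a perimeter firewall's default blocked-port list.

Added example (not WatchGuard code). Sample `rpcinfo -p` and `ss -tuln`
output below is constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Default blocked destination ports as listed in the guide (TCP and UDP).
DEFAULT_BLOCKED_PORTS = {
    "X Window System": range(6000, 6006),   # 6000-6005 inclusive
    "X Font Server": [7100],
    "NFS": [2049],
    "rlogin": [513],
    "rsh/rcp": [514],
    "RPC portmapper": [111],
    "port 8000": [8000],
    "TCPmux": [1],
    "port 0": [0],
}

NFS_RPC_PROGRAM = 100003   # RPC program number for NFS


def blocked_port_lookup() -> Dict[int, str]:
    """Flatten DEFAULT_BLOCKED_PORTS into {port: reason}."""
    return {p: name for name, ports in DEFAULT_BLOCKED_PORTS.items() for p in ports}


# Constructed `rpcinfo -p` output: NFS correctly registered on 2049.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    3   tcp  20048  mountd
"""

# Constructed `rpcinfo -p` output: an administrator moved NFS to 2050, which
# the firewall's default block of 2049 would silently fail to cover.
SAMPLE_RPCINFO_MOVED = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100003    3   tcp   2050  nfs
    100003    3   udp   2050  nfs
"""


def parse_rpcinfo(text: str) -> List[Tuple[int, int, str, int, str]]:
    """Return (program, version, proto, port, service) rows from `rpcinfo -p` output."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)\s+(\S+)", line)
        if m:
            prog, vers, proto, port, svc = m.groups()
            rows.append((int(prog), int(vers), proto, int(port), svc))
    return rows


def nfs_ports_off_2049(rpc_rows) -> List[int]:
    """Ports on which the NFS RPC program is registered other than 2049 (should be empty)."""
    return sorted({port for prog, _, _, port, _ in rpc_rows
                   if prog == NFS_RPC_PROGRAM and port != 2049})


# Constructed `ss -tuln` output for the same host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:111       0.0.0.0:*
tcp   LISTEN 0      64           0.0.0.0:2049      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:6000      0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:8000      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:111       0.0.0.0:*
"""


def parse_ss(text: str) -> List[Tuple[str, str, int]]:
    """Return (proto, local address, port) for each socket in `ss -tuln` output."""
    sockets = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 5:
            continue
        proto, local = parts[0], parts[4]
        addr, _, port = local.rpartition(":")   # handles IPv6 "[::]:port" too
        if port.isdigit():
            sockets.append((proto, addr, int(port)))
    return sockets


def listeners_on_blocked_ports(sockets) -> List[Tuple[str, str, int, str]]:
    """Listening sockets whose port the firewall blocks by default, with the reason."""
    lookup = blocked_port_lookup()
    return [(proto, addr, port, lookup[port])
            for proto, addr, port in sockets if port in lookup]


if __name__ == "__main__":
    for proto, addr, port, why in listeners_on_blocked_ports(parse_ss(SAMPLE_SS)):
        print(f"{proto} {addr}:{port} is blocked at the perimeter ({why})")
    moved = nfs_ports_off_2049(parse_rpcinfo(SAMPLE_RPCINFO_MOVED))
    if moved:
        print(f"WARNING: NFS registered on {moved}; default block of 2049 does not cover it")
```

The second rpcinfo sample shows the failure mode the guide warns about: the port-2049 block is satisfied on paper, but an NFS server registered with the portmapper on another port remains reachable. Run the two parsers on live `rpcinfo -p` and `ss -tuln` output from each NFS host to confirm the assumption before relying on the default blocked-port list.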
If you must allow traffic for applications that use the recommended blocked ports, we recommend that
you allow the traffic only through an IPSec VPN tunnel, or use SSH to get access to the port, so that the
service is never exposed directly to the Internet.