I have a TZ600 with IPSEC tunnels to two branch locations (other end points are also TZ series). On a PCI compliance scan of my main firewall, UDP port 500 is showing open. I attempted to address this by creating two Address objects:

VPNudp500AccessSite1 (external IP of branch1 firewall)
VPNudp500AccessSite2 (external IP of branch2 firewall)

I then created the below address group that I put these two objects in.

After this, I went to the access rules and edited the default VPN rules for the IKE service and changed the 'Any' source to UDP500AccessGroupForVPN (in theory I'm thinking this will restrict WAN access to ISAKMP ports on the main firewall to only the branch IP addresses).

An internet-based port scan showed UDP 500 still open|filtered.
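The rule change described above, modelled in Python as an added example (not code from the original post or from SonicWall): address objects and a group are matched against the source of an inbound UDP/500 packet, and the scanner's view is derived from whether the probe gets an answer. The branch IPs are constructed placeholders from documentation ranges. The point the model makes is that nmap reports a UDP port as open|filtered whenever no reply comes back, so a silently dropped probe from a non-branch address and an unanswered open port look identical from the scanner's side.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder branch addresses (documentation ranges, not the poster's).
ADDRESS_OBJECTS = {
    "VPNudp500AccessSite1": ipaddress.ip_network("203.0.113.10/32"),
    "VPNudp500AccessSite2": ipaddress.ip_network("198.51.100.20/32"),
}
ADDRESS_GROUPS = {
    "UDP500AccessGroupForVPN": ["VPNudp500AccessSite1", "VPNudp500AccessSite2"],
}

@dataclass
class Rule:
    source: str      # address object name, group name, or "Any"
    protocol: str
    dport: int
    action: str      # "allow" or "drop"

def source_matches(source: str, ip: str) -> bool:
    """Resolve a group to its member objects and test membership of the source IP."""
    if source == "Any":
        return True
    addr = ipaddress.ip_address(ip)
    members = ADDRESS_GROUPS.get(source, [source])
    return any(addr in ADDRESS_OBJECTS[m] for m in members)

def evaluate(rules, src_ip: str, protocol: str, dport: int) -> str:
    """First matching rule wins; anything unmatched falls to an implicit drop."""
    for r in rules:
        if r.protocol == protocol and r.dport == dport and source_matches(r.source, src_ip):
            return r.action
    return "drop"

def scanner_view(action: str) -> str:
    """UDP scanner result: 'open' when the service answers the probe,
    'open|filtered' when nothing comes back (silent drop and unanswered
    open port are indistinguishable to the scanner)."""
    return "open" if action == "allow" else "open|filtered"

# Default VPN rule before the edit, and the rule after restricting the source.
RULES_BEFORE = [Rule("Any", "udp", 500, "allow")]
RULES_AFTER = [Rule("UDP500AccessGroupForVPN", "udp", 500, "allow")]

if __name__ == "__main__":
    scanner = "192.0.2.99"  # constructed: an internet host that is not a branch
    for name, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        action = evaluate(rules, scanner, "udp", 500)
        print(f"{name}: firewall={action}, scanner sees {scanner_view(action)}")
```

A definite "open" from a non-branch source would indicate the restriction is not applied; "open|filtered" alone is consistent with the rule working, so a positive confirmation needs the firewall's own log or a probe from a branch address.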