About Blocked Ports on Cloud-Managed Fireboxes
Applies To: Cloud-managed Fireboxes
This document applies to Fireboxes you manage in WatchGuard Cloud. For information that applies to Fireboxes managed in Fireware Web UI or WatchGuard System Manager, go to: About Blocked Ports.
Overview
A port number identifies the process on a computer that sends or receives a particular stream of traffic. These TCP and UDP ports are the endpoints through which programs transmit data. When a computer sends traffic over the Internet to a server or another computer, it uses an IP address to identify the server or remote computer, and a port number to identify the process on that server or computer that receives the data.
If a port is open, a program on your computer is listening on it: the computer accepts incoming data on that port and uses the protocol associated with the port to establish connections with other computers. Each open port is therefore a potential entry point, and an open port is a security risk.
To protect against risks created by open ports, you can configure your cloud-managed Firebox to block the ports that you know can be used to attack your network. The Firebox denies all traffic to blocked ports on all external interfaces.
When you block a port, the block takes precedence over all of the rules in your firewall policy definitions; no policy can allow traffic to a blocked port on an external interface. For more information about how to block a port, go to Add Blocked Sites and Blocked Ports on a Cloud-Managed Firebox.
Default Blocked Ports
In the default configuration, the Firebox blocks some destination ports. You usually do not need to change this default configuration. TCP and UDP packets are blocked for these ports:
port 0
This port is always blocked by the Firebox. You cannot allow traffic on port 0 through the device.
port 1
The TCPmux service uses port 1, but it is rarely used. You can block it to make it more difficult for port-scanning tools to examine your network.
RPC portmapper (port 111)
RPC services use port 111 (the portmapper) to find out which ports a given RPC server listens on. RPC services are easy to attack from the Internet.
The portmapper frequently assigns port 2049 to NFS. If you use NFS, make sure that NFS uses port 2049 on all your systems so that the blocked-port rule for port 2049 covers it.
rlogin, rsh, rcp (ports 513, 514)
These services give remote access to other computers. They are a security risk, and many attackers probe for them.
NFS (port 2049)
NFS (Network File System) is a widely used TCP/IP service that lets many users share the same files across a network. New versions have important authentication and security problems. Exposing NFS to the Internet can be very dangerous.
X Window System (ports 6000-6005)
The X Window System (or X-Windows) client connection is not encrypted and is dangerous to use across the Internet.
X Font Server (port 7100)
Many versions of X Windows run an X Font Server. On some hosts, the X Font Server runs as the super-user (root), so a flaw in it exposes the whole host.
port 8000
This port is used for system management by many vendors and the vendor's software might contain vulnerabilities. Many web proxies also use this port as an alternate HTTP port. This port is also used for communication by some forms of malware.
If you must allow traffic through any of the default blocked ports to use the associated software applications, we recommend that you allow the traffic only through a VPN tunnel. You should also enable Intrusion Prevention Services (IPS) for improved security. For more information about how to enable IPS, go to Configure Network Blocking in WatchGuard Cloud.
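The following Python model illustrates the two rules described above: the blocked-port list is checked before any firewall policy (so a policy that allows a blocked port on an external interface still results in a deny), and port 0 can never be allowed. It is an added example written for this page, not WatchGuard code; the Packet and Policy structures, the interface names and the unblock_port helper are assumptions made for the illustration, and the default port set is taken from the list above.

```python
from dataclasses import dataclass
from typing import Iterable, Tuple

# Default blocked destination ports listed on this page (TCP and UDP).
DEFAULT_BLOCKED_PORTS = frozenset(
    {0, 1, 111, 513, 514, 2049, 7100, 8000} | set(range(6000, 6006))
)


@dataclass(frozen=True)
class Packet:
    """Minimal view of an incoming packet (assumed structure, not a Firebox type)."""
    interface: str   # interface the packet arrives on: "external", "trusted", ...
    protocol: str    # "tcp", "udp" or something else such as "icmp"
    dst_port: int


@dataclass(frozen=True)
class Policy:
    """A firewall policy that allows a protocol/port set from one interface (assumed structure)."""
    name: str
    protocol: str
    ports: frozenset
    from_interface: str


def unblock_port(blocked_ports: frozenset, port: int) -> frozenset:
    """Return a new blocked-port set without `port`. Port 0 is always blocked
    and cannot be removed, mirroring the rule stated on the page."""
    if port == 0:
        raise ValueError("port 0 is always blocked and cannot be allowed")
    return blocked_ports - {port}


def is_blocked_port(packet: Packet, blocked_ports: frozenset = DEFAULT_BLOCKED_PORTS) -> bool:
    """Blocked ports apply to TCP and UDP traffic arriving on external interfaces;
    port 0 is denied on every interface (the page says it can never pass the device)."""
    if packet.protocol not in ("tcp", "udp"):
        return False
    if packet.dst_port == 0:
        return True
    return packet.interface == "external" and packet.dst_port in blocked_ports


def evaluate(packet: Packet, policies: Iterable[Policy],
             blocked_ports: frozenset = DEFAULT_BLOCKED_PORTS) -> Tuple[str, str]:
    """Return (verdict, reason). The blocked-port check runs before any policy is
    consulted, so a policy that would allow the port does not override the block."""
    if is_blocked_port(packet, blocked_ports):
        return "deny", f"blocked port {packet.dst_port}"
    for policy in policies:
        if (policy.protocol == packet.protocol
                and policy.from_interface == packet.interface
                and packet.dst_port in policy.ports):
            return "allow", f"policy {policy.name}"
    return "deny", "no matching policy (implicit deny)"


if __name__ == "__main__":
    # Constructed policies: an NFS policy that (mistakenly) allows TCP 2049 from the
    # external interface, and an ordinary HTTPS policy.
    policies = [
        Policy("NFS-From-Internet", "tcp", frozenset({2049}), "external"),
        Policy("HTTPS-In", "tcp", frozenset({443}), "external"),
    ]
    for pkt in (Packet("external", "tcp", 2049),
                Packet("external", "tcp", 443),
                Packet("external", "udp", 6003)):
        print(pkt, "->", evaluate(pkt, policies))
    # Only after an administrator removes 2049 from the list does the NFS policy apply.
    relaxed = unblock_port(DEFAULT_BLOCKED_PORTS, 2049)
    nfs_pkt = Packet("external", "tcp", 2049)
    print(nfs_pkt, "with 2049 unblocked ->", evaluate(nfs_pkt, policies, relaxed))
```

The order of checks in evaluate() is the point: removing a port from the blocked list is the only way to let a policy for that port take effect on an external interface, which is why the page recommends doing so only behind a VPN tunnel with IPS enabled.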