You can block the ports that you know can be used to attack your network. This stops access to the specified external network services and protects your most sensitive services.
When you block a port, the block overrides all of the rules in your policy definitions: traffic to that port is dropped even if a policy would otherwise allow it. To block a port, see Block a Port.
In the default configuration, the XTM device blocks some destination ports. You usually do not need to change this default configuration. TCP and UDP packets are blocked for these ports:
X Window System (ports 6000-6005)
The X Window System (or X-Windows) client connection is not encrypted and is dangerous to use on the Internet.
X Font Server (port 7100)
Many versions of X Windows run X Font Servers. On some hosts the X Font Server runs as the super-user (root), so a flaw in it exposes the whole host.
NFS (port 2049)
NFS (Network File System) is a frequently used TCP/IP service that lets many users share the same files on a network. New versions have important authentication and security problems. Exposing NFS to the Internet can be very dangerous.
The portmapper frequently assigns port 2049 to NFS. If you use NFS, make sure that NFS uses port 2049 on all your systems, so that this default block actually covers it.
rlogin, rsh, rcp (ports 513, 514)
These services give remote access to other computers. They are a security risk and many attackers probe for these services.
RPC portmapper (port 111)
RPC clients query the portmapper on port 111 to find which ports a given RPC server uses. The RPC services are easy to attack through the Internet.
Many vendors use this port, and many security problems are related to it.
TCPmux (port 1)
The TCPmux service uses port 1, but it is rarely used. You can block it to make it more difficult for port-scanning tools to fingerprint the device.
Port 0
This port is always blocked by the XTM device. You cannot allow traffic on port 0 through the device.
If you must allow traffic through any of the default blocked ports to use the associated software applications, we recommend that you allow the traffic only through a VPN tunnel or use SSH (Secure Shell) with those ports.
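To make the precedence rule concrete (a blocked port wins over every policy rule, and port 0 can never be unblocked), here is an added example in Python. It is not WatchGuard code and does not talk to an XTM device: the default blocked ports from this page are encoded as data, and a small evaluator shows how a constructed "allow X11" policy is still denied on the blocked ports. The service labels, the `Packet`, `Rule` and `Firewall` classes, and the sample rules in `demo_firewall` are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Default blocked destination ports from the page, as inclusive (low, high)
# ranges. Service names are labels for the reader, not device identifiers.
DEFAULT_BLOCKED_RANGES = {
    "X Window System": (6000, 6005),
    "X Font Server": (7100, 7100),
    "NFS": (2049, 2049),
    "rlogin/rsh/rcp": (513, 514),
    "RPC portmapper": (111, 111),
    "TCPmux": (1, 1),
    "Port 0": (0, 0),
}

ALWAYS_BLOCKED = frozenset({0})  # the page: port 0 can never be allowed


def expand_ranges(ranges: Iterable[tuple[int, int]]) -> frozenset[int]:
    """Expand inclusive (low, high) port ranges into a set of port numbers."""
    ports: set[int] = set()
    for low, high in ranges:
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range {low}-{high}")
        ports.update(range(low, high + 1))
    return frozenset(ports)


def blocked_service(port: int) -> Optional[str]:
    """Name the default-blocked service a port belongs to, or None."""
    for name, (low, high) in DEFAULT_BLOCKED_RANGES.items():
        if low <= port <= high:
            return name
    return None


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    ports: frozenset[int]
    action: str     # "allow" or "deny"


class Firewall:
    """Toy evaluator: blocked ports are checked first, then rules in order."""

    def __init__(self, rules: list[Rule], blocked: Iterable[int] = ()):
        self.rules = list(rules)
        self.blocked = set(blocked) | ALWAYS_BLOCKED

    def block(self, port: int) -> None:
        self.blocked.add(port)

    def unblock(self, port: int) -> None:
        # Port 0 stays blocked no matter what the administrator asks for.
        if port in ALWAYS_BLOCKED:
            raise ValueError(f"port {port} is always blocked")
        self.blocked.discard(port)

    def decide(self, pkt: Packet) -> tuple[str, str]:
        """Return (action, reason). A blocked port overrides every rule."""
        if pkt.proto in ("tcp", "udp") and pkt.dst_port in self.blocked:
            return ("deny", f"blocked port {pkt.dst_port}")
        for rule in self.rules:
            if rule.proto == pkt.proto and pkt.dst_port in rule.ports:
                return (rule.action, rule.name)
        return ("deny", "no matching rule")


def demo_firewall() -> Firewall:
    """Constructed policy whose rules overlap the default blocked ports."""
    rules = [
        Rule("X11-to-lab", "tcp", expand_ranges([(6000, 6010)]), "allow"),
        Rule("NFS-internal", "tcp", frozenset({2049}), "allow"),
        Rule("ssh", "tcp", frozenset({22}), "allow"),
    ]
    return Firewall(rules, expand_ranges(DEFAULT_BLOCKED_RANGES.values()))


if __name__ == "__main__":
    fw = demo_firewall()
    for pkt in (Packet("tcp", 6001), Packet("tcp", 6010), Packet("udp", 2049),
                Packet("tcp", 22), Packet("tcp", 0)):
        print(pkt, "->", fw.decide(pkt))
```

Note that the "X11-to-lab" rule allows ports 6000-6010, but only 6006-6010 ever reach the rule: 6000-6005 are denied before policy evaluation, which is exactly the override behaviour described above. Unblocking 2049 lets the "NFS-internal" rule take effect again, while unblocking port 0 is refused.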