Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

nonesuch
New Contributor

Created on ‎06-29-2017 06:56 AM

IPSec VPN port 445

With the recent Ransomware should I specifically block port 445 on my IPSec policy or being a tunnel is it okay to leave as is?

Thanks

MJF

Labels:
215
0 Kudos
1 Solution
harald21
Contributor

Created on ‎07-03-2017 10:30 PM

Hello,

 

I dont think blocking SMB (tcp/445) inside a vpn tunnel is the right solution, because you need this for Windows network file access.

To protect your systems I would instead assign an IPS profile to the tunnel traffic. (both WCra and Petya will be matched by the signature "MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution")

 

Sincerely

Harald

View solution in original post

211
0 Kudos
1 REPLY 1
harald21
Contributor

Created on ‎07-03-2017 10:30 PM

Hello,

 

I dont think blocking SMB (tcp/445) inside a vpn tunnel is the right solution, because you need this for Windows network file access.

To protect your systems I would instead assign an IPS profile to the tunnel traffic. (both WCra and Petya will be matched by the signature "MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution")

 

Sincerely

Harald

212
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.