Close ports 32015/500 for PCI compliance


#1

Hello–

My PCI compliance scanner recently started flagging open ports 32015 (PepVPN) and 500 (L2TP) on my Peplink Balance 305 WAN, and now I can’t pass the PCI compliance scan. Both PepVPN and L2TP are disabled for this WAN. I found out on ticket #789578 that these ports cannot be closed, even though the VPNs are disabled.

Now, as a workaround, I have to figure out some sort of port-filtering network bridge to put upstream of my Peplink WAN to close those ports.

Can you modify the Balance to close ports 32015 and 500 altogether if PepVPN and L2TP are disabled for those WANs? I understand that it would be identical from a security standpoint, but then I’d be able to pass this necessary test.

Thanks,
Ben Adams

P.S. If anyone has leads on a good tool to use for a port-filtering network bridge, I’m all ears. I’m leaning towards setting up a dedicated Ubuntu box.