I ran a Trustwave ASC scan on one of my routers and failed the test.
The first time around I failed on some ports with UDP that needed to be closed. On the 2nd test this report came back.
I have remote admin access enabled (not using InControl) using HTTPS with a strong username and password combo. Is this the cause for the failed “Remote Access Test”?
Further, we have enabled the VPN with L2TP / IPsec.
Is the fail based on a limitation of this Peplink Balance One or is there something I can improve?
Today I scanned my home network and the first results were horrific. I thought I could trust the firewall and security settings on my Synology NAS but obviously not.
I removed the entire NAS and remote access from the network. Broke it down to almost nothing.
Still the scan finds these vulnerabilities. This network doesn’t have to be PCI compliant but I would rather pass all the tests.
Since I have no idea what settings most of these failures relate to, I look forward to your advice.
I was able to turn all warnings off by going through my router setup with a fine comb, selecting every “?” and turning off whatever was turned on.
Finally I received a new report with one failure mentioning “service not found” but I consider that a good thing.
Now the challenge is to start enabling certain features again one at a time and see which one causes an error.
As for SSL certs, I will search this forum for more advice.
I kind of know what they are but don’t want to mess up any other services out there if I buy an SSL cert for my domain and start applying them on my router and server…
New terrain for me and no one to help me other than “manuals” and forums…
We have a client with a Balance One that has FW 7.0.2 that is failing a Trustwave scan with the same failures as ScooterIT’s first post. We may have resolved the first two failures by disabling WAN management as the scan is against the WAN port. The 2nd two I’m having trouble resolving. The client isn’t using any site-to-site VPNs (PepVPN or IPsec VPN) but they are using L2TP remote user VPNs. I’ve seen a lot of forum posts about disabling TLS 1.0 to resolve the Trustwave VPN failures but it was all related to PepVPN. I’m not sure what to do next?
Sorry, I can’t give you any specific answer about what worked for me. What I did was to go through all the settings under the Network tab and click every “?” to access additional and advanced settings.
For sure you need to disable the remote admin access and UPnP / NAT-PMP in the Port forwarding section!
Update, the evening after I sent this the client suffered a lightning strike and I had to replace their Balance One Core with a new one. I updated the FW to 7.1.0 and pushed the backed up config (thank goodness I had that!). After this they re-ran the test and it passed? No other changes since I sent the message. The only difference was the other router had 7.0.2 and the new one has 7.1.0. I did see in the release notes that 7.1.0 added some Diffie–Hellman groups. I hope this helps!