[USG20] Turn off unused device ports

MyITGuy
MyITGuy Posts: 3  Freshman Member
edited April 2021 in Security
Does anyone know how to turn off unused ports?

For example, we don't use SSO (port 2158) or DNS (port 53). The web GUI does not have a checkbox to Enable/Disable the service.

Another example, we don't use FTP (port 21). The web GUI has a checkbox to Enable/Disable FTP, but it does not turn off port 21.

Any assistance is appreciated.

Cheers

Accepted Solution

  • MyITGuy
    MyITGuy Posts: 3  Freshman Member
    Answer ✓
    After a conversation with ZyXEL support, it appears that unused services/ports cannot be disabled. The expectation is to utilize the security policy to control access to these services/ports.

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    Hello MyITGuy,
    If you are worried about an unused port being attacked or listened on, clients can create a rule to block the service on the firewall. (If you want to use the service, just disable the rule.) Also, enable the ADP feature to prevent the port from being listened on.
    For example, to keep the FTP service from being attacked:
    Group the services which you want to manage.

    Block the Service

    Charlie

  • MyITGuy
    MyITGuy Posts: 3  Freshman Member
    Hey Charlie,

    Thank you for the detail and the workaround. Unfortunately, we need the ports turned off, not just blocked.
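Added example (not part of the thread and not Zyxel code): a check, run from a client on the side of the firewall you want to verify, that shows the difference the thread turns on between a port that is blocked by policy and one with no service behind it. The host address is supplied by you on the command line; the port list is the three TCP ports named above, and how the device answers under a block rule (silent drop or active reject) is an assumption that depends on the rule's action.

```python
import socket
import sys

# TCP ports named in the thread. DNS also uses UDP 53, which this check does not cover.
PORTS = {21: "FTP", 53: "DNS", 2158: "SSO"}

def probe(host, port, timeout=2.0):
    """Classify one TCP port as seen from this client.

    open     - handshake completed, so a service answered and no rule stopped it
    closed   - connection refused (RST): nothing listening, or a rule that rejects
    filtered - no usable reply before the timeout: typical of a rule that drops
    """
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Covers timeouts and ICMP unreachable errors.
        return "filtered"
    conn.close()
    return "open"

def audit(host, ports=PORTS, timeout=2.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def exposed(results):
    """Ports that still accept connections from this vantage point."""
    return sorted(port for port, state in results.items() if state == "open")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <address of your own gateway interface>")
    results = audit(sys.argv[1])
    for port, state in results.items():
        print(f"{port:>5}/tcp {PORTS[port]:<4} {state}")
    # Non-zero exit if anything is still reachable, so the check can gate a change.
    sys.exit(1 if exposed(results) else 0)
```

Run it once from each zone (LAN, WAN, DMZ) before and after adding the block rule; a port that moves from open to filtered is still running on the device and is only hidden from that zone.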