Port 80 open on firewall

AnkitSharma1
Here to help


Team, we have opened port 80 to access our internal website via Windows server. Should I disable it? What is the best practice for allowing outside traffic to access our internal website? Please share your thoughts.

 

alemabrahao
Kind of a big deal

Honestly, this is a huge security flaw, especially since you are allowing any origin.

 

To expose your website you should have at least one WAF solution.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Is there any alternative to protect if we don't have WAF solutions?

Allow access only via client VPN or only allow IPs from a specific origin.


If I remove 80 and keep 443 then? Is it fine?

Any application exposed to the internet is a risk. I can say that it is a little better, but at least ensure that all system patches are up to date.

 

And think about investing in a WAF solution in the near future.

One option is to host your website on AWS and use their WAF solution.

PhilipDAth
Kind of a big deal

What I have been doing recently is using an Amazon AWS Application Load Balancer with a backend target type of "IP Address".  You then enable WAF for that.  Typically I run the connection back to the on-premise site via VPN.  It costs about USD$30/month.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html... 

This is on the assumption you can't just move the entire web site to the cloud - which would be my first choice.

K2_Josh
Building a reputation

I recommend Cloudflare as a WAF for its ease of use, security and cost effectiveness. Whether you go with Cloudflare or another SaaS-based WAF, you would set up your MX to only allow HTTPS ingress from the vendor's IP ranges.

Another option that might work in some cases, in conjunction with or in place of VPN solutions, is to allowlist IP ranges from remote sites with static IPs on the MX. In this case, the traffic is still flowing directly over the internet, but the data is encrypted and it can only originate from specific locations.
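
An added example, not part of any reply in this thread: a small audit of MX port forwarding rules that flags the two issues raised above, a rule open to any source and cleartext HTTP exposure, and checks that remaining sources fall inside approved ranges. The rule field names are assumed to follow the Meraki Dashboard API port forwarding rule shape, the rules are constructed sample data, and the approved ranges are documentation-space placeholders standing in for a WAF vendor's published ranges or static remote-site IPs.

```python
import ipaddress

# Constructed sample rules; field names are an assumption of this example.
RULES = [
    {"name": "web-http", "protocol": "tcp", "publicPort": "80",
     "lanIp": "192.168.10.5", "localPort": "80", "allowedIps": ["any"]},
    {"name": "web-https", "protocol": "tcp", "publicPort": "443",
     "lanIp": "192.168.10.5", "localPort": "443",
     "allowedIps": ["198.51.100.0/24", "203.0.113.7"]},
    {"name": "web-https-branch", "protocol": "tcp", "publicPort": "443",
     "lanIp": "192.168.10.5", "localPort": "443", "allowedIps": ["192.0.2.10"]},
]

# Placeholder ranges (RFC 5737 documentation space), not real vendor ranges.
APPROVED = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/28")]

def port_in(spec, port):
    """True if a public port spec ('80' or '8000-8100') covers the port."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit_rule(rule, approved=APPROVED):
    """Return a list of findings for one forwarding rule (empty if clean)."""
    findings = []
    if port_in(rule["publicPort"], 80):
        findings.append("cleartext HTTP exposed")
    for src in rule["allowedIps"]:
        if src.lower() == "any":
            findings.append("open to any source")
            continue
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            findings.append(f"unparseable source {src}")
            continue
        # Every allowed source must sit inside one approved range.
        if not any(net.version == a.version and net.subnet_of(a) for a in approved):
            findings.append(f"source {src} not in approved ranges")
    return findings

def audit(rules, approved=APPROVED):
    """Map rule name -> findings, listing only rules that have findings."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule, approved)
        if findings:
            report[rule["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(name, "->", "; ".join(findings))
```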
