Meraki Community

PasTro · ‎Dec 5 2019

Hi,

Question from my PCI guy.

Is it possible to close ports 53, 179, 8090, 8181, 123 and 161 from the LAN on a MX67?

The PCI guy did a LAN side Nmap test and those ports was open.

Thanks,

Pascal

Kamome · ‎Dec 5 2019

Also, 123 is for NTP, and 161 is for SNMP.
If you don't use SNMP, you can disable it. But need to open NTP in order to MX can keep correct time.

View solution in original post

ww · ‎Dec 5 2019

Some ports are used for things like local status page, splash page, content filter block message etc. You can disable those features. Some ports will still be open. But i guess you can not abuse them unless you prove otherwise 😉

You have clients directly connected to your mx?

PhilipDAth · ‎Dec 5 2019

Port 53 is used for DNS resolution, so you may not want to close that one.

179 is used for BGP. It's closed on our MX (so you can't connect to it) but it responds to a SYN scan.

8090 and 8081 are open on our MX as well. I have no idea what they are used for.

Interestingly enough your scan doesn't show port 80, so I'm guessing you have the local status page disabled.

Kamome · ‎Dec 5 2019

Also, 123 is for NTP, and 161 is for SNMP.
If you don't use SNMP, you can disable it. But need to open NTP in order to MX can keep correct time.

PasTro · ‎Dec 6 2019

Thank you guys for your answers.

Meraki Community

Disable ports

Disable ports