Hello,
Question about the WAN appliance services on MX devices. I have an MX 67 that is answering login requests on the WAN port. As far as I can tell the MX is configured to not answer those requests, however port 443 is publicly open to connection requests.
The WAN appliance services config is below. I see no firewall rules allowing the connection either, so I am a little puzzled. Obviously I don't want the MX advertising port 443 and am hoping someone in the community can shed some light on this one.
Thanks in advance! 🙂
Solved! Go to solution.
That's because you have either a legacy backend option enabled by Support OR the Early Access feature enabled ( they are the same 😞
What kind of login requests are you talking about?
Entering the WAN IP in a browser results in the appliance details page and a login prompt when clicking on the configure button. Exactly the same as you would expect when connecting to the MX via IP on the locally connected network.
The MX config page is accessible via the WAN port, which I do not want.
You probably have the remote local status page enabled :
I never enable that page. Filled with security issues and CVEs. Only enabling it if I don't have any other options.
Interesting in that I don't see a Remote device status page option.
That's because you have either a legacy backend option enabled by Support OR the Early Access feature enabled ( they are the same 😞
I just checked on of my network that has the legacy NAT Exception option and the Remote status page option is visible. I don't know why it is not showing in your case.
Edit : Enable or disable access to wireless et switch device status pages at http://[device's LAN IP].
Forget the "Remote device status pages". Just try to disable the local status page and check if you still have the page accessible.
The NAT Exceptions with Manual Inbound Firewall opt in is disabled. I'll call support to find out about the legacy backend option.
Thanks very much for your quick responses!! 🙂