Firebox WEB

Hello everyone.
Tell me how you can protect port 8080, which is used for management via the web. An audit was conducted, after there were comments on port 8080, since it works over HTTP. You need to make it work over HTTPS. How do I configure it?

Comments

  • If you connect to your firewall port using HTTP on port 8080, the firewall redirects to HTTPS.
    If you want to prevent access to the firewall on HTTP, add an HTTP packet filter From: Any-trusted, Any-optional To: Firebox, and set this to Denied.

  • james.carson Moderator, WatchGuard Representative

    The firewall replies with a permanently moved (HTTP 301) with an automatic redirect to the same site via https. No data aside from that redirect is transmitted via HTTP. This is so that if a customer types in http instead of https in the URL, they still land in the correct place.

    By default the firewall's WatchGuard WebUI rule will only allow traffic from Any-Trusted and Any-Optional. If an external entity is able to see the firewall on that port, the rule has either been modified or another rule is allowing access to the firewall via that port.

    If you are doing a security scan (PCI, HIPAA, etc. compliance) I would suggest asking them what kind of response they're getting and if they can elaborate on it. Most firms like that simply use a customized NESSUS scan/report and may not even look at or interpret the results from it aside from handing over whatever automated blurb it spits out.

    -James Carson
    WatchGuard Customer Support
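
To check the redirect-only behaviour described in the replies above against an audit finding, the following added example (not part of the original posts and not WatchGuard code) parses a raw plain-HTTP response and reports anything beyond a 301 redirect to HTTPS on the same host. The function names, the address 10.0.1.1 and both sample responses are constructed for illustration.

```python
"""Check that a plain-HTTP management port only issues a redirect to HTTPS."""
import socket
from urllib.parse import urlsplit

def fetch_raw(host, port=8080, timeout=5.0):
    """Send one plain-HTTP GET and return the raw response bytes."""
    req = f"GET / HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req.encode("ascii"))
        return b"".join(iter(lambda: s.recv(4096), b""))

def audit_redirect(raw, host):
    """Return a list of findings; an empty list means redirect-only behaviour."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return ["malformed status line"]
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    findings = []
    if status != 301:
        findings.append(f"status {status}, expected 301")
    loc = urlsplit(headers.get("location", [""])[0])
    if loc.scheme != "https":
        findings.append("Location is not an https:// URL")
    elif loc.hostname != host:
        findings.append(f"redirect leaves host: {loc.hostname}")
    if "set-cookie" in headers:
        findings.append("cookie set over plain HTTP")
    if "www-authenticate" in headers:
        findings.append("credentials requested over plain HTTP")
    if b"<form" in body.lower() or b"password" in body.lower():
        findings.append("login content served over plain HTTP")
    return findings

# Constructed sample responses (not captured from a real Firebox).
SAMPLE_OK = (b"HTTP/1.1 301 Moved Permanently\r\n"
             b"Location: https://10.0.1.1:8080/\r\nContent-Length: 0\r\n\r\n")
SAMPLE_BAD = (b"HTTP/1.1 200 OK\r\nSet-Cookie: sid=abc\r\n\r\n"
              b"<form><input name='password'></form>")

if __name__ == "__main__":
    print(audit_redirect(SAMPLE_OK, "10.0.1.1"))   # no findings
    print(audit_redirect(SAMPLE_BAD, "10.0.1.1"))  # several findings
```

Against a live device, pass the output of `fetch_raw(host)` to `audit_redirect` from a trusted-side host, and attach the findings list (or its absence) to the reply sent to the auditor.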
