https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87598#M20868 <P>Switches are X670G2&nbsp;with FW 22.6.1.4. We also have X460G2 which are 1G switches but for some reason they didn’t detect any blocked ports for these.</P> Mon, 24 Aug 2020 22:42:50 GMT KG1790 2020-08-24T22:42:50Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87594#M20864 <P>No ACL has been configured but a lot of the ports have been scanned and are found to be blocked. See excerpt below.</P><P>I believe if you dont configure any ACL, all ports should be open by default. Is there any relevant documentation that lists all the ports being blocked by default?</P><P>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</P><P>RESULTS:<BR />Some of the ports filtered by the firewall are: 20, 21, 22, 23, 25, 53, 80, 111, 135, 443.<BR />Listed below are the ports filtered by the firewall.<BR />No response has been received when any of these ports are probed.<BR />1,6,8-11,13-14,27,30-31,33,38-39,41,43-44,46-47,52,54-55,61,64,68,72,<BR />76-77,79-81,83,88,94,97,101,104,106,113-114,117,120-122,124,127-128,131,<BR />135,137,139,143-144,146,149-151,159,161,171-173,176,178-179,181-182,184-185,<BR />187,193,196,200,202,204,206-207,217,225,228-229,233-234,244,246,253-256,<BR />260,262,264,266,272-273,278,293,297-298,305,307-310,313,315,317-318,320-322,<BR />332,334,339,342,344,346,348,352-353,356,359,362,366,369,374,377,380,385-386,<BR />391-392,394-396,401-402,406,410,412,416-417,426-427,431,434,442,454,456,<BR />458-459,463,465-467,470,474-475,480,483-484,486,488,490-492,495-496,498,<BR />504,506-509,511,515,517-518,522,528,531-532,534-536,538,540, and more.<BR />&nbsp;</P> Mon, 24 Aug 2020 16:11:59 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87594#M20864 KG1790 2020-08-24T16:11:59Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87595#M20865 <P>KG,</P><P>I would not expect Extreme XOS switches to block any ports unless they are configured to do so. Also in your post you say “Some of the ports filtered by the firewall are: 20, 21, 22, 23, 25, 53, 80, 111, 135, 443.<BR />Listed below are the ports filtered by the firewall.”</P><P>I would expect a firewall to block all ports that it is not configured to allow.</P> Mon, 24 Aug 2020 19:19:54 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87595#M20865 davidj_cogliane 2020-08-24T19:19:54Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87596#M20866 <P>Sorry for the confusion. The statement below came from the scan results by the customer. It doesn’t mean that there is a firewall in between them and the switch. They just assumed as such because ports are being blocked by the switch.</P><P>“Some of the ports filtered by the firewall are: 20, 21, 22, 23, 25, 53, 80, 111, 135, 443.<BR />Listed below are the ports filtered by the firewall.”</P><P>I have checked both from cli using <STRONG>show configuration acl&nbsp;</STRONG>and from GUI, there is no ACL configured.</P> Mon, 24 Aug 2020 22:02:58 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87596#M20866 KG1790 2020-08-24T22:02:58Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87597#M20867 <P>What kind of switches are we talking about and what firmware are they running?</P> Mon, 24 Aug 2020 22:05:12 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87597#M20867 davidj_cogliane 2020-08-24T22:05:12Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87598#M20868 <P>Switches are X670G2&nbsp;with FW 22.6.1.4. We also have X460G2 which are 1G switches but for some reason they didn’t detect any blocked ports for these.</P> Mon, 24 Aug 2020 22:42:50 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87598#M20868 KG1790 2020-08-24T22:42:50Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87599#M20869 <P>I have never seen a X670-G2 block port 23 or 22 which we use all the time for telnet and ssh.</P><P>With that being said, are you only able to access the switches via the local console connection?</P> Mon, 24 Aug 2020 23:14:17 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87599#M20869 davidj_cogliane 2020-08-24T23:14:17Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87600#M20870 <P>Sorry, I still don’t really understand the problem.</P><P>What did the customer scan?</P><P>Did he do a port-scan on the mgmt IP-address of the switch? I would suspect that most ports are blocked then and only some are opened (e.g. telnet (if enabled), ssh (if enabled) and so on)</P><P>Did he do a port-scan on a system (e.g. Server) that connects to the switch?</P><P>Did he do a port-scan on a system in the internet?</P><P>This is the big question: From where to where was the port-scan executed?</P> Thu, 27 Aug 2020 15:36:57 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/port-scanner-shows-a-wide-range-of-ports-blocked-which-the/m-p/87600#M20870 Stefan_K_ 2020-08-27T15:36:57Z