Many companies today are required to be PCI compliant. This article is meant to point you in the right direction for PCI compliance, whether you are looking to be proactive about it or you have failed a PCI scan and need to bring your Untangle configuration into line.
By default, Untangle NGFW blocks all traffic originating from the external (WAN) side, so a default configuration should pass a PCI scan. This article is for those who have made configuration changes that caused a scan to fail, or who want to know what to look out for.
Config > Network:
The first place to look is Port Forward Rules. Ports reachable from the Internet are a major problem for PCI compliance. If you have had a PCI scan done, the report will typically list the ports that were found open and must be closed; check the conditions of each port forward rule for the port in question.
Note: The ports that most commonly fail are 443, 22, and 80, so watch for these when setting up your configuration.
If you need to keep these port forward rules, it may help to make them much more specific. For example, if you have a rule that forwards all traffic on port 443 to an internal server on port 443, but only one remote site actually needs it, add a Source Address condition that limits the rule to that remote site's subnet. If narrowing the rule does not satisfy the scan, the only remaining option is to disable the port forward.
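The rule-tightening described above, modelled as an added Python example that is not part of this article or of Untangle's own code. It assumes the usual firewall semantics (rules are evaluated top to bottom, every condition on a rule must match, and a rule with no Source Address condition matches any source). The rule names, internal addresses, the scanner address and the 203.0.113.0/24 remote-site subnet are constructed sample data. Given a rule set and a source address, it reports which ports that source could reach through the port forwards, which is what an external PCI scanner sees, and flags rules that forward one of the commonly failing ports without any source restriction.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Ports the article singles out as the usual PCI-scan failures.
COMMON_PCI_PORTS = (22, 80, 443)


@dataclass
class PortForwardRule:
    """Simplified model of one port-forward rule (assumption: conditions are AND-ed,
    rules are evaluated top to bottom, first match wins)."""
    description: str
    dst_ports: set                                     # "Destination Port" condition
    new_destination: str                               # internal host the traffic goes to
    src_networks: list = field(default_factory=list)   # "Source Address" condition; empty = any source
    enabled: bool = True

    def matches(self, src_ip: str, dst_port: int) -> bool:
        if not self.enabled or dst_port not in self.dst_ports:
            return False
        if not self.src_networks:        # no source condition: the whole Internet matches
            return True
        ip = ip_address(src_ip)
        return any(ip in ip_network(net) for net in self.src_networks)


def exposed_ports(rules, src_ip, candidate_ports=range(1, 1024)):
    """Map each port to the description of the first rule that would forward a packet
    arriving from src_ip on that port. This is what a scanner at src_ip would find open."""
    result = {}
    for port in candidate_ports:
        for rule in rules:
            if rule.matches(src_ip, port):
                result[port] = rule.description
                break
    return result


def unrestricted_rules(rules):
    """Enabled rules that forward a commonly failing port with no Source Address condition."""
    return [r.description for r in rules
            if r.enabled and not r.src_networks and r.dst_ports & set(COMMON_PCI_PORTS)]


# Constructed sample rule set (weak form): SSH is forwarded from any source.
WEAK_RULES = [
    PortForwardRule("Web server", {443}, "192.168.1.10"),
    PortForwardRule("SSH to jump host", {22}, "192.168.1.20"),
    PortForwardRule("Old FTP", {21}, "192.168.1.30", enabled=False),
]

# Hardened form: same forwards, but SSH limited to the remote site's subnet as the article suggests.
HARDENED_RULES = [
    PortForwardRule("Web server", {443}, "192.168.1.10"),
    PortForwardRule("SSH to jump host", {22}, "192.168.1.20", src_networks=["203.0.113.0/24"]),
    PortForwardRule("Old FTP", {21}, "192.168.1.30", enabled=False),
]

SCANNER_IP = "198.51.100.77"    # constructed: the PCI scanner, somewhere on the Internet
REMOTE_SITE_IP = "203.0.113.5"  # constructed: a host at the remote site that needs SSH


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(f"{name}: scanner sees {sorted(exposed_ports(rules, SCANNER_IP))}, "
              f"remote site sees {sorted(exposed_ports(rules, REMOTE_SITE_IP))}, "
              f"unrestricted common ports: {unrestricted_rules(rules)}")
```

In the hardened set the scanner no longer sees port 22, while the remote site still does; port 443 remains visible to everyone because a public web server has no source to restrict to, which is exactly the case where the article says the only remaining option is to disable the forward. The model is only a pre-check against your own rule table; confirm the result from a host outside the allowed subnet (for example `nmap -Pn -p 22,80,443 <your WAN address>`) before the next scan.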
Certain Access Rules can also cause issues if they open the Untangle administration interface to the external side. Check these for the port in question as well, but note that some access rules provide necessary access for services such as OpenVPN.
If you do keep port forward rules, it is a good idea to use Intrusion Prevention to protect the forwarded services from known attacks while those ports are open. To learn more about Intrusion Prevention, please follow these links: