DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Block Port 443

  • dazeck
  • Topic Author
  • User
26 Aug 2018 00:34 #1 by dazeck
Block Port 443 was created by dazeck
I have disabled remote management from the internet, but port 443 is still open. We need to be PCIS compliant and I have to schedule scans of our IP address, but they keep failing as port 443 is self-signed, so I just want to block port 443 so it isn't seen as open by the scanner. Why is it still listening on port 443 despite me turning off remote management from the internet?


  • bookit
  • User
26 Aug 2018 07:10 #2 by bookit
Replied by bookit on topic Re: Block Port 443
It does this for SSL VPNs. I've changed my SSL VPN port to a high random port that does not show on standard port scans; however, 2860 still leaves 443 open. I NAT ports 80 and 443 to non-existent internal IPs so they don't appear on a port scan.


  • anaglypta
  • User
26 Aug 2018 10:23 #3 by anaglypta
Replied by anaglypta on topic Re: Block Port 443
Hello dazeck

If I probe port 443 it returns STEALTH for me.

You need to untick several options to achieve this:

System Maintenance > Management > Untick "Allow Management from the Internet" and untick "Enable SSL 3.0" (should be using TLS these days :) )
VPN and Remote Access > Remote access Control > Untick "Enable SSL VPN Service"

John.


  • dazeck
  • Topic Author
  • User
26 Aug 2018 11:45 #4 by dazeck
Replied by dazeck on topic Re: Block Port 443

Anaglypta wrote:
System Maintenance > Management > Untick "Allow Management from the Internet" Untick "Enable SSL 3.0" (should be using TLS these days :) )



Yeah, already done this, that was the easy one to find.

Anaglypta wrote:
VPN and Remote Access > Remote access Control > Untick "Enable SSL VPN Service"



That was the one I was missing, top man, thanks for that. I am now seen as closed on 443 so we should pass the scan now.

Thanks again
Darren
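
Added example, not part of any forum post and not DrayTek code: a check to run from a host outside the network against your own WAN address after changing the settings discussed in this thread. It separates open, closed (connection refused) and filtered (no reply, the result reported above as STEALTH), and for an open port reports whether the certificate fails verification as self-signed. The address 203.0.113.10 and the function names are placeholders chosen for this example.

```python
import errno
import socket
import ssl
import sys

def tcp_state(host, port=443, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' (refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # An ICMP unreachable from a firewall also means the port is not reachable.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise

def tls_trust(host, port=443, timeout=3.0):
    """Handshake against the system trust store and report why verification fails."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # checking by IP address: judge the chain only
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw):
                return "trusted chain"
    except ssl.SSLCertVerificationError as exc:
        # OpenSSL verify codes 18 and 19: self-signed leaf / self-signed in chain
        if exc.verify_code in (18, 19):
            return "self-signed"
        return "untrusted: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "no TLS handshake: %s" % exc.__class__.__name__

def check(host, port=443):
    """One-line summary of the port state and, if open, the certificate trust."""
    state = tcp_state(host, port)
    if state != "open":
        return "%s:%d %s" % (host, port, state)
    return "%s:%d open, certificate: %s" % (host, port, tls_trust(host, port))

if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder; pass your own WAN IP instead.
    print(check(sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"))
```

Run it from outside the LAN, since a probe from inside the network may be answered by the router's LAN-side services and not reflect what an external scanner sees.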
