My virtual server is published to the Internet via F5 with only ports http/80 and https/443 open, but when I try to telnet to port 1720 on the public IP of the virtual server, it connects
[telnet IP 1720]. It's working, although I did not open port 1720 at all.
Please explain why I can connect to port 1720.
Thank you very much
What are the results of?
and if you capture the Nmap scan in a tcpdump do you see the packets making it to bigip?
tcpdump -i 0.0:nnn -w /var/tmp/port1720.pcap host and host
Is there a Check Point firewall between the internet and the F5, and is port 1720 (H323) used in the rule base as a custom service?
I have seen this kind of behavior with one of our customers. A telnet on port 1720 is accepted by the Check Point because Check Point wants to inspect the H323 traffic, even if it is a custom service on the same port number.
If there is a NAT rule, it seems like the F5 is accepting the connection, but in fact it is the Check Point.
Hope this helps.
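One way to read the capture suggested above, as an added example that is not part of the original thread: it parses `tcpdump -nn` text output taken on the BIG-IP while the telnet test runs and reports whether the SYN for port 1720 reached the BIG-IP at all. The function name, the result labels, the simplified line format and the sample addresses are assumptions constructed for illustration.

```python
import re

# Address and flag fields of a `tcpdump -nn` text line (IPv4 only).
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def classify(capture_text, vip, port=1720):
    """Summarise what a BIG-IP-side capture shows for vip:port.

    Returns one of (hypothetical labels):
      upstream      - no SYN for vip:port reached the BIG-IP
      bigip_accepts - the BIG-IP sent a SYN-ACK from vip:port
      bigip_resets  - the BIG-IP sent a RST from vip:port
      bigip_silent  - the SYN arrived but nothing was sent back
    """
    syn_seen = synack_sent = rst_sent = False
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a TCP/IPv4 line we understand
        flags = m["flags"]
        to_vip = m["dst"] == vip and int(m["dport"]) == port
        from_vip = m["src"] == vip and int(m["sport"]) == port
        if to_vip and flags == "S":
            syn_seen = True
        elif from_vip and flags == "S.":
            synack_sent = True
        elif from_vip and "R" in flags:
            rst_sent = True
    if not syn_seen:
        return "upstream"
    if synack_sent:
        return "bigip_accepts"
    return "bigip_resets" if rst_sent else "bigip_silent"

# Constructed capture: only the published port 443 shows up on the BIG-IP.
UPSTREAM_ANSWERED = """\
10:00:01.000001 IP 203.0.113.10.51000 > 198.51.100.20.443: Flags [S], seq 100, win 64240, length 0
10:00:01.000090 IP 198.51.100.20.443 > 203.0.113.10.51000: Flags [S.], seq 900, ack 101, win 4380, length 0
"""

# Constructed capture: the SYN for 1720 arrives and the BIG-IP resets it.
BIGIP_RESET = """\
10:00:05.000001 IP 203.0.113.10.51002 > 198.51.100.20.1720: Flags [S], seq 300, win 64240, length 0
10:00:05.000050 IP 198.51.100.20.1720 > 203.0.113.10.51002: Flags [R.], seq 0, ack 301, win 0, length 0
"""
```

If the client reports a successful connect while the result is `upstream`, the handshake was completed by a device in front of the BIG-IP, which matches the Check Point behavior described in this reply.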
Which TMOS version do you have? Could you post your Virtual Servers configuration?
Just out of curiosity, I did the test in different versions of TMOS without this abnormal behavior in BIG-IP.
This is the behavior in my lab:
telnet f5labs.test.lab 1720
Connecting To f5labs.test.lab...Could not open connection to the host, on port 1720: Connect failed
nmap -sT -p 1720 f5labs.test.lab
Starting Nmap ...
Nmap scan report for f5labs.test.lab ...
Host is up.
PORT STATE SERVICE
1720/tcp filtered h323q931
My device is a 5250S, version 11.6.
As I scan all the public IPs, I see that I can telnet to port 1720 on the public IP address.
On Check Point, it has the same problem.
Any ideas, please?