Information: On new shipping Management Gateways, all private IP addresses are now included in the firewall block list

Version 3

    Description

     

    On all currently shipping Management Gateways, the entire private IP address range is now included in the firewall blocked list. The affected ranges are listed below:

     

    • 192.168.x.x
    • 10.x.x.x
    • 172.16.x.x

     

    The effect on installation and troubleshooting is that any device in these ranges (core server, device in the DMZ, etc.) will be rejected by the Gateway until the blocked address range is removed completely. Even specifically allowed addresses will be ignored. Activation and patching will not work until the affected ranges are removed.

     

    Purpose

     

    The reasons for adding these ranges are as follows:

     

    • Private Address Spoofing through the DMZ.
    • Port scanners that attempt to impersonate internal traffic to get around firewalls.

     

    Resolution

     

    Remove the private IP range(s) in question. If security is a concern, blocking the ranges around the subnet in question is recommended.
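
One way to work out which ranges to block around a subnet once the default range has been removed, as an added example that is not part of the original article or the product. It assumes the listed ranges translate to the CIDR blocks shown, uses hypothetical function names and constructed sample addresses, and prints CIDR notation, which may need converting to whatever form the Gateway's blocked list accepts.

```python
import ipaddress

# The article's default blocked ranges written as CIDR
# (assumption: each "x" stands for any octet value).
BLOCKED_RANGES = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/16"),
]


def affected_range(address):
    """Return the default blocked range containing `address`, or None."""
    ip = ipaddress.ip_address(address)
    return next((net for net in BLOCKED_RANGES if ip in net), None)


def blocks_around(subnet):
    """Return the networks covering the affected range minus `subnet`.

    `subnet` is the network that must reach the Gateway (hypothetical input).
    """
    keep = ipaddress.ip_network(subnet, strict=True)
    parent = next((n for n in BLOCKED_RANGES if keep.subnet_of(n)), None)
    if parent is None:
        raise ValueError(f"{keep} is not inside a default blocked range")
    # address_exclude yields nothing when keep == parent (whole range in use).
    return sorted(parent.address_exclude(keep))


if __name__ == "__main__":
    core_server = "192.168.10.25"    # constructed sample address
    core_subnet = "192.168.10.0/24"  # constructed sample subnet
    print(f"{core_server} is rejected by default range {affected_range(core_server)}")
    print(f"After removing that range, block these around {core_subnet}:")
    for net in blocks_around(core_subnet):
        print(f"  {net}")
```

The returned networks never overlap the subnet that is kept, so the rest of the private range stays blocked while the core server or DMZ device can reach the Gateway.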