On all currently shipping Management Gateways, the entire private IP address range is now included on the firewall blocked list. The affected ranges are listed below:
For installation and troubleshooting, this means that any device in the range (core server, device in the DMZ, etc.) will be rejected by the Gateway until the blocked address range is removed completely. Even specifically allowed addresses will be ignored. Activation and patching will not work until the affected ranges are removed.
The reasons for adding these ranges are as follows:
- Private Address Spoofing through the DMZ.
- Port scanners that attempt to impersonate internal traffic to get around firewalls.
Remove the private IP range(s) in question. If security is a concern, blocking the ranges around the subnet in question is recommended.
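One way to work out which ranges to keep blocked "around" a subnet, as an added example that is not part of the original article or the Gateway's own tooling. It assumes the blocked list corresponds to the RFC 1918 private ranges; the subnets passed in are constructed sample values, and `ranges_to_keep_blocked` and `is_blocked` are hypothetical helper names.

```python
import ipaddress

# Assumption: the Gateway's blocked list matches the RFC 1918 private ranges.
PRIVATE_RANGES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def ranges_to_keep_blocked(allowed_subnets, blocked=PRIVATE_RANGES):
    """Return CIDR blocks covering `blocked` minus every allowed subnet."""
    result = list(blocked)
    for keep in (ipaddress.ip_network(s) for s in allowed_subnets):
        remaining = []
        for net in result:
            if keep.subnet_of(net):
                # Split the blocked range into the pieces surrounding `keep`.
                remaining.extend(net.address_exclude(keep))
            elif net.subnet_of(keep):
                continue  # block lies entirely inside the allowed subnet
            else:
                remaining.append(net)
        result = remaining
    return sorted(result)


def is_blocked(address, block_list):
    """True if `address` falls inside any network on the block list."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in block_list)


if __name__ == "__main__":
    # Constructed sample: core server subnet and a small DMZ subnet.
    block_list = ranges_to_keep_blocked(["10.20.30.0/24", "192.168.100.0/28"])
    for net in block_list:
        print(net)
    # Confirm the carve-out before entering the ranges on the Gateway.
    print("core server blocked:", is_blocked("10.20.30.5", block_list))
    print("neighbour blocked:", is_blocked("10.20.31.5", block_list))
```

The printed list is what replaces the removed private range on the blocked list; every other private address stays rejected.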