With the recent Ransomware should I specifically block port 445 on my IPSec policy or being a tunnel is it okay to leave as is?
I dont think blocking SMB (tcp/445) inside a vpn tunnel is the right solution, because you need this for Windows network file access.
To protect your systems I would instead assign an IPS profile to the tunnel traffic. (both WCra and Petya will be matched by the signature "MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution")
Products Solutions Support Partners Threat Research Contact Us