Open ports are ports that are open to devices outside your network. Open ports provide access into your network, including to potentially malicious actors. This is a vulnerability, so you should have as few of them as possible.
There are two open port lists.
- Ports detected using the UPnP protocol. These are opened by another device via the UPnP protocol. If you tap into it, Firewalla will provide details. If you do not need them, you can block them.
- Ports detected through an external scan. These ports are very likely opened by you using port mapping on the router (or by the router). If you do not know why these ports are open, please check your router's ‘port mapping’ settings.
External scan ports may be limited due to filtering done by ISPs. The external scan is done by another Firewalla server in the cloud. This server may do either a deep scan or a shallow scan. In a shallow scan, it will only scan the well-known ports such as SSH, HTTPS, and HTTP. (Which scan is used depends on the ISP and also on the state of the server doing the scan; we are doing our best to keep that server from being blacklisted.)
What is UPnP?
UPnP stands for Universal Plug and Play, which is a networking protocol that enables devices to discover and communicate with each other on a local network. UPnP allows devices to automatically configure network settings and establish connections without requiring manual setup by the user.
While UPnP can be convenient for users, it can also pose a security risk if not properly configured. The automatic configuration process can allow devices to open ports on a router without the user's knowledge or consent, potentially exposing the network to outside threats. Attackers can use vulnerabilities in UPnP to gain access to devices on the network and launch attacks such as distributed denial-of-service (DDoS) attacks or steal sensitive information.
If you are using Firewalla in router mode, you can use the network manager to selectively turn off UPnP per device. See https://help.firewalla.com/hc/en-us/articles/360046703673-Firewalla-Feature-Guide-Network-Manager#h_01EDNZT093KGHYNZND0X6BB73P
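To make the risk above concrete, here is an added example (not Firewalla's code) that audits UPnP port mappings the way you might review the UPnP open port list by hand. It assumes the router's answers to the UPnP IGD `GetGenericPortMappingEntry` action have already been collected; the SOAP bodies, IP addresses and the device allowlist below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data shaped like a UPnP IGD (WANIPConnection) response.
SOAP = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">{}'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')
FIELDS = ("NewExternalPort", "NewProtocol", "NewInternalPort", "NewInternalClient",
          "NewEnabled", "NewPortMappingDescription", "NewLeaseDuration")

def make_sample(*values):
    return SOAP.format("".join(f"<{k}>{v}</{k}>" for k, v in zip(FIELDS, values)))

SAMPLES = [
    make_sample(51413, "TCP", 51413, "192.168.1.20", 1, "torrent client", 3600),
    make_sample(22, "TCP", 22, "192.168.1.50", 1, "nas", 0),
    make_sample(8080, "TCP", 80, "192.168.1.77", 1, "camera", 0),
    make_sample(3074, "UDP", 3074, "192.168.1.30", 0, "console", 0),
]
WELL_KNOWN = {22: "ssh", 80: "http", 443: "https"}   # ports named on this page
ALLOWED_CLIENTS = {"192.168.1.20", "192.168.1.50"}   # assumed allowlist

def parse_mapping(xml_text):
    """Extract the port-mapping arguments from one SOAP response."""
    root = ET.fromstring(xml_text)
    found = {el.tag: (el.text or "").strip() for el in root.iter() if el.tag in FIELDS}
    for key in ("NewExternalPort", "NewInternalPort", "NewLeaseDuration"):
        found[key] = int(found[key])
    found["NewEnabled"] = found["NewEnabled"] == "1"
    return found

def audit(mapping):
    """Return the reasons a mapping deserves review (empty list = nothing flagged)."""
    if not mapping["NewEnabled"]:
        return []  # a disabled entry forwards nothing
    ports = sorted({mapping["NewExternalPort"], mapping["NewInternalPort"]})
    reasons = [f"exposes {WELL_KNOWN[p]} ({p})" for p in ports if p in WELL_KNOWN]
    if mapping["NewInternalClient"] not in ALLOWED_CLIENTS:
        reasons.append("requested for a device not on the allowlist")
    if mapping["NewLeaseDuration"] == 0:  # 0 = no expiry in IGD v1
        reasons.append("permanent lease (never expires)")
    return reasons

def audit_all(responses):
    """Map external port -> review reasons for every response."""
    return {m["NewExternalPort"]: audit(m) for m in map(parse_mapping, responses)}

if __name__ == "__main__":
    print(audit_all(SAMPLES))
```

Mappings that come back with reasons are the ones to block or to trace back to the device that requested them.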
Learn more about how to handle Open Port alarms.
Reference on port numbers: