UDP 500, 4500 from any IP?

Hi,

I’m running Rancher 1.x on a public cloud without a private network and I currently have the IPsec UDP ports 500 and 4500 on the “worker nodes” open to the internet (accessible from any IP). Are there any security implications in having these ports accessible from any IP?

Thanks,
Mike

Hi,

Yes, there are. It is never a good idea to expose any port which is not strictly needed (please take a look at the “attack surface” security topic online). Can you clarify the architecture so that we can provide you with more advice?

Alex