NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Unblock Inbound IP Addresses
Hello! I need to see if I can get some help on an issue with inbound/outbound IP addresses. I have a list of public IP addresses that a third party support company uses to scan our internal network for security issues. I did a chat with Netgear support and they had me go to the advanced section, security, select never, and then input each of the individual list of IP addresses the company says it needs to be able to initiate the scan. However, the scan continues to fail. We use a cable modem which is set as a pass through so they are not the issue. Is there any other way to unblock inbound IP addresses?
Thanks in advance!!!
> Model: R6020|AC750 Dual Band WiFi Router
That's accurate? (Firmware version?)
> [...] I have a list of public IP addresses that a third party support
> company uses to scan our internal network for security issues.
How, exactly, can any outside entity "scan [y]our internal network"
for anything, with an R6020 standing in its way? This is a NAT gateway,
which normally blocks external access to anything on your LAN until you
make special arrangements (such as port forwarding) to permit it.
> [...] Netgear support and they had me go to the advanced section,
> security, select never, and then input each of the individual list of IP
> addresses the company says it needs to be able to initiate the scan.
If that was ADVANCED > Security > Block Sites, then, as the on-page
"Block Sites Help" might explain, this feature blocks _outgoing_
connections ("to certain sites on the Internet"), not incoming
connections. The router _normally_ blocks _incoming_ connections.
> [...] Is there any other way to unblock inbound IP addresses?
Not the way you seem to expect. What, exactly, is this "the scan"
supposed to be doing? Perhaps the proper interpretation of "the scan
continues to fail" is that your network is not vulnerable to whatever
this "the scan" is supposed to be scanning for.
If this "the scan" is supposed to be examining individual computers
on your LAN, then it might need to be run from a system on your LAN,
rather than from the outside world. With an R6020 (or any similar
home/small-office router), the router normally blocks outside access to
any system on the LAN.
Either one of us does not understand what your "a third party support
company" really wants, or they don't understand how these routers work,
in which case, I'd be looking for a more competent third party support
company.
1 Reply
> Model: R6020|AC750 Dual Band WiFi Router
That's accurate? (Firmware version?)
> [...] I have a list of public IP addresses that a third party support
> company uses to scan our internal network for security issues.
How, exactly, can any outside entity "scan [y]our internal network"
for anything, with an R6020 standing in its way? This is a NAT gateway,
which normally blocks external access to anything on your LAN until you
make special arrangements (such as port forwarding) to permit it.
> [...] Netgear support and they had me go to the advanced section,
> security, select never, and then input each of the individual list of IP
> addresses the company says it needs to be able to initiate the scan.
If that was ADVANCED > Security > Block Sites, then, as the on-page
"Block Sites Help" might explain, this feature blocks _outgoing_
connections ("to certain sites on the Internet"), not incoming
connections. The router _normally_ blocks _incoming_ connections.
> [...] Is there any other way to unblock inbound IP addresses?
Not the way you seem to expect. What, exactly, is this "the scan"
supposed to be doing? Perhaps the proper interpretation of "the scan
continues to fail" is that your network is not vulnerable to whatever
this "the scan" is supposed to be scanning for.
If this "the scan" is supposed to be examining individual computers
on your LAN, then it might need to be run from a system on your LAN,
rather than from the outside world. With an R6020 (or any similar
home/small-office router), the router normally blocks outside access to
any system on the LAN.
Either one of us does not understand what your "a third party support
company" really wants, or they don't understand how these routers work,
in which case, I'd be looking for a more competent third party support
company.