ShoreTel VPN Concentrator NTP Vulnerability

The ShoreTel VPN Concentrator responds to NTP requests (for remote IP phones), which makes it vulnerable to the NTP DDOS attacks that have been happening lately.  To enable the WAN firewall on the ShoreTel VPN Concentrator (off by default) you must access a hidden menu.

  1. Log into your VPN concentrator, and click "Network" on the left-hand side
  2. Access the hidden firewall menu by changing the URL to page=5. Example:
  3. Check the box "Enable WAN Firewall"
  4. CHECK THE BOXES TO ALLOW HTTP & HTTPS ACCESS THROUGH FIREWALL
    • This allows you to manage the concentrator via HTTP or HTTPS
  5. Press submit (All current VPN sessions will drop for ~30 seconds)
  6. The concentrator will be unresponsive for 30-60 seconds while it applies, after which you are done!