So our entire network just had a security scan, and port 8088 came back as open and as a "high" vulnerability. Looking through our config, it appears that 8088 is used for captive portal, for traffic that users are web-proxying:
ip access-list session captiveportal
  user any svc-http-proxy1 dst-nat 8088
  user any svc-http-proxy2 dst-nat 8088
  user any svc-http-proxy3 dst-nat 8088
netservice svc-http-proxy1 tcp 3128
netservice svc-http-proxy2 tcp 8080
netservice svc-http-proxy3 tcp 8888
It seems like web proxying would be a fairly rare use case... is there a reason it's included by default for captive portal? Anything I should worry about when I turn her off?
Also, even if I remove all config bits with 8088 referenced, 8088 is still going to be open... any idea how to turn it off? Just create an ACL and apply it to all interfaces?