Well… i was fully aware of that device. It´s mounted pretty visibly right next to the Server/Networking cabinet and i even configured that port forward myself some years ago.
I just was stupid 
The pentest did not specify any Port for that vulnerability, so my brain somehow “X”-ed out everything but the firewall…
1 Like