https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18541#M1395 <HTML><HEAD></HEAD><BODY><P>Hello Guys,</P><P></P><P>One of our vulnerability scanner gave the following ports as vulnerable, so we want those ports to be blocked from outside and to be allowed from the inside for inside communications.</P><P></P><P>These are the ports</P><P></P><P><BR /> 264/tcp - fw1_generic. <BR data-jive-statusinputadd="true" data-jive-truncation-flag="true" />500/udp - ikev1. <BR data-jive-statusinputadd="true" data-jive-truncation-flag="true" />18231/tcp</P><P>18264/tcp - cp_ica</P><P></P><P>how can i do this?</P><P></P><P>Thanks</P></BODY></HTML> Wed, 25 Apr 2018 12:19:52 GMT Shehan_Wickrama 2018-04-25T12:19:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18541#M1395 <HTML><HEAD></HEAD><BODY><P>Hello Guys,</P><P></P><P>One of our vulnerability scanner gave the following ports as vulnerable, so we want those ports to be blocked from outside and to be allowed from the inside for inside communications.</P><P></P><P>These are the ports</P><P></P><P><BR /> 264/tcp - fw1_generic. <BR data-jive-statusinputadd="true" data-jive-truncation-flag="true" />500/udp - ikev1. <BR data-jive-statusinputadd="true" data-jive-truncation-flag="true" />18231/tcp</P><P>18264/tcp - cp_ica</P><P></P><P>how can i do this?</P><P></P><P>Thanks</P></BODY></HTML> Wed, 25 Apr 2018 12:19:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18541#M1395 Shehan_Wickrama 2018-04-25T12:19:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18542#M1396 <HTML><HEAD></HEAD><BODY><P>I feel like I might be missing something with your question, but I think there are&nbsp;several&nbsp;ways to achieve this...</P><P></P><P></P><P></P><P>SRC: Internal Networks Group&nbsp;<STRONG style="color: #ff0000;">[NEGATED]</STRONG> | DST: Any | SVC: ports | ACT:&nbsp;drop</P><P></P><P><SPAN>--or--</SPAN></P><P></P><P>SRC: Internal Networks Group | DST: Any | SVC: ports | ACT: allow&nbsp;</P><P>&nbsp;&nbsp; &nbsp; &nbsp;* I'd have several more specific rules of the above rule with explicit destinations...</P><P><SPAN>SRC:&nbsp;Any | DST: Any | SVC: ports | ACT:&nbsp;drop</SPAN></P><P></P><P><SPAN>--or--</SPAN></P><P></P><P><SPAN>Other combinations...</SPAN></P></BODY></HTML> Wed, 25 Apr 2018 21:09:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18542#M1396 Brian_Deutmeyer 2018-04-25T21:09:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18543#M1397 <HTML><HEAD></HEAD><BODY><P>Some of these are covered by implied rules.</P><P>To confirm this, go to Global Properties, click the appropriate checkbox, and install policy.</P><P></P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/64834_pastedImage_1.png" style="width: auto; height: auto;" /></P><P></P><P>You will see log entries on Rule 0.</P><P>In which case you will have to work to disable the implied rules, but this is NOT recommended.</P><P>Refer to:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk43401&amp;partition=General&amp;product=Security" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk43401&amp;partition=General&amp;product=Security">How to completely disable FireWall Implied Rules</A>&nbsp;</P></BODY></HTML> Wed, 25 Apr 2018 22:11:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18543#M1397 PhoneBoy 2018-04-25T22:11:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18544#M1398 <HTML><HEAD></HEAD><BODY><P>Hi Brian,</P><P></P><P>Thank You for the reply.</P><P></P><P>Regards,</P><P>Shehan</P></BODY></HTML> Tue, 01 May 2018 04:57:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18544#M1398 Shehan_Wickrama 2018-05-01T04:57:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18545#M1399 <HTML><HEAD></HEAD><BODY><P>Hi Dameon,</P><P></P><P>Thanks for the reply. I have disabled some with the implied rules.</P><P></P><P>Regards,</P><P>Shehan</P></BODY></HTML> Tue, 01 May 2018 04:58:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/18545#M1399 Shehan_Wickrama 2018-05-01T04:58:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/74072#M5700 <P>G&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;reat answer PhoneBoy, how to do this for 600 and 1100? thc</P> Tue, 04 Feb 2020 04:43:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-I-block-ports-from-outside-and-allow-it-for-internal/m-p/74072#M5700 kreynolds 2020-02-04T04:43:45Z