https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166739#M30018 <P>Chris is spot on with those SKs as&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/1551">@Blason_R</a>&nbsp;said.</P> Thu, 05 Jan 2023 03:51:10 GMT the_rock 2023-01-05T03:51:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166657#M30002 <P>We have the following questions regarding FW1_topo traffic.</P><OL><LI>What is FW1_topo traffic for?</LI><LI>What is the impact to our production environment when a known IOC IP address had established connection with our firewall using FW1_topo service?</LI><LI>Is allowing FW1_topo service by default necessary in our environment?</LI><LI>Can we disable this implied rule?</LI><LI>If yes, how can we disable it? And what is the impact of disabling this implied rule?</LI></OL> Wed, 04 Jan 2023 07:53:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166657#M30002 umar7 2023-01-04T07:53:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166658#M30003 <P>Is your gateway configured for remote access VPN?</P> <P>Please refer:</P> <P>sk60773: [RST, ACK] response to TCP/264</P> <P>sk132712: Vulnerability scan shows ports 18231 and 264 open under LISTEN mode when using TLS1.0 and TLS1.1 - reference CVE-2000-1201</P> <P>sk69360: Check Point response to SecuRemote Topology Service Hostname Disclosure</P> <P>sk62692: Ports used on Security Gateway for SecureClient and Endpoint Security VPN</P> <P>&nbsp;</P> <P>If you have no plans to leverage Check Point remote access disabling this global option may also work for you:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="264.png" style="width: 688px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19006i5732B2384D1DB916/image-size/large?v=v2&amp;px=999" role="button" title="264.png" alt="264.png" /></span></P> <P>&nbsp;</P> Thu, 05 Jan 2023 04:07:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166658#M30003 Chris_Atkinson 2023-01-05T04:07:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166738#M30017 <P>As suggested by&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/3630">@Chris_Atkinson</a>&nbsp;this is used for fetching the Topology by Remote Access VPN users. if you dont use this feature you can disable it using Implied rules and those are correct sks given by him and if you are following those it should not be a problem.</P> Thu, 05 Jan 2023 02:43:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166738#M30017 Blason_R 2023-01-05T02:43:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166739#M30018 <P>Chris is spot on with those SKs as&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/1551">@Blason_R</a>&nbsp;said.</P> Thu, 05 Jan 2023 03:51:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166739#M30018 the_rock 2023-01-05T03:51:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166763#M30023 <P>hello guys ,</P><P>&nbsp; &nbsp; &nbsp; &nbsp;thanks for the information i will update and if i have any queries regarding this issue . i will update the chat tail.</P><P>&nbsp;</P> Thu, 05 Jan 2023 09:48:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/port-264-queries-whether-its-need-or-not/m-p/166763#M30023 umar7 2023-01-05T09:48:19Z