topic Re: Block all incoming connections in Firewall and Security Management

Block all incoming connections

Ilovecheckpoint — Tue, 12 Dec 2023 08:41:50 GMT

Hello,

In our organisation, we need external communication only from vpn site to site and remote access ipsec vpn.

We use implied rules, I'm thinking to block all incoming traffic, except from the management servers via Internet.

Normally, vpn site to site and remote access are allowed via default implied rules so it would be fine, isn't it?

Re: Block all incoming connections

G_W_Albrecht — Tue, 12 Dec 2023 09:30:43 GMT

No, vpn site to site and remote access are not allowed via default implied rules except in GAIA Embedded. You still need explicit rules for RA &V S&S VPN ! Same for Stealth and CleanUp rules...

Re: Block all incoming connections

Ilovecheckpoint — Tue, 12 Dec 2023 17:06:09 GMT

Hello, thanks for the quickly answer.

I checked, and ike communication is allowed on implied rules, the remote access one not.

Anyway, my question is more like, after allowing site to site and remote access vpn, since I do not have any other incoming communication, is there any reason to do not block any incoming communication from Internet?

Re: Block all incoming connections

the_rock — Tue, 12 Dec 2023 19:53:21 GMT

Implied rules generally dont control inbound/outbound access. They delegate CP communication with other entities.

Andy

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Implied_Rules.htm

If you wish to block inbound connections, then you can do it via regular rules.

Andy