https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221415#M42393 <P>Hi all!<BR />Please help me solve the problem. I can log into the Smartview Console using my external IP address from anywhere. At the same time, I don’t have a single rule on the gateway that allows this action. I would not like access to Smartview of my gateway to be opened from the Internet. I want this to be possible only from the local network.<BR />How can I block access to Smartview via a public address?<BR />I will be grateful for your help<BR /><BR />OS Gaia<BR />Version R81.20&nbsp;</P> Fri, 19 Jul 2024 14:56:14 GMT Dmitriy_K 2024-07-19T14:56:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221415#M42393 <P>Hi all!<BR />Please help me solve the problem. I can log into the Smartview Console using my external IP address from anywhere. At the same time, I don’t have a single rule on the gateway that allows this action. I would not like access to Smartview of my gateway to be opened from the Internet. I want this to be possible only from the local network.<BR />How can I block access to Smartview via a public address?<BR />I will be grateful for your help<BR /><BR />OS Gaia<BR />Version R81.20&nbsp;</P> Fri, 19 Jul 2024 14:56:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221415#M42393 Dmitriy_K 2024-07-19T14:56:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221435#M42404 <P>The only way this would be possible is if you have a Standalone gateway (i.e. no external management).<BR />This traffic is being accepted on implied rules.<BR />This can be fixed with:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk105740" target="_blank">https://support.checkpoint.com/results/sk/sk105740</A>&nbsp;</P> Fri, 19 Jul 2024 20:12:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221435#M42404 PhoneBoy 2024-07-19T20:12:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221438#M42405 <P>As extra you can make ACL here for SmartConsole access:</P> <P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/GUI-Clients.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/GUI-Clients.htm</A></P> <P>The IP's you put here, only those IP's are allowed to use SmartConsole.</P> <P>Extra, you can do the same for portal access and SSH:&nbsp;</P> <P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/Host-Access.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/Host-Access.htm</A></P> <P>This called host access. It look's similar as GUI client ACL but it is different.&nbsp;</P> Fri, 19 Jul 2024 20:50:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221438#M42405 Lesley 2024-07-19T20:50:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221451#M42412 <P>That should be simple to solve...just create a rule that allows ONLY access from trusted IPs/locations/networks and then right below that rule that blocks access to the IP listening for smartview log in page.</P> <P>Andy</P> Sat, 20 Jul 2024 02:35:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221451#M42412 the_rock 2024-07-20T02:35:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221452#M42413 <P>Also, forgot to mention, easiest way to block any subnet/IP via smart console is SAM rule through SV monitor.</P> <P>&nbsp;</P> <P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm</A></P> <P>Andy</P> Sat, 20 Jul 2024 02:42:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221452#M42413 the_rock 2024-07-20T02:42:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221516#M42421 <P>Thanks a lot for your hint. Yes, I have a Standalone gateway. The decision was right</P> Mon, 22 Jul 2024 05:45:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221516#M42421 Dmitriy_K 2024-07-22T05:45:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221518#M42422 <P>Your tips helped me. Thank you for sharing your knowledge</P> Mon, 22 Jul 2024 05:46:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Smartview/m-p/221518#M42422 Dmitriy_K 2024-07-22T05:46:51Z