topic Re: Implied rules in Firewall and Security Management

Implied rules

imservbilllee — Fri, 27 Sep 2024 13:00:05 GMT

Hi everyone,

I am very new to CheckPoint firewall. A recent security scanning flagged one of my External interface saying Weak Cipher.

I am surprised why such interface is responding http/https to internet. When I check in the logs it showed "Implied rule" was hit.

But I have no idea on which implied rule make this happen and so how to mitigate this issue.

Please could you shed some light thanks

I am running an Open server on Gaia R81.10

Regards,

Bill.

Re: Implied rules

_Val_ — Fri, 27 Sep 2024 13:30:15 GMT

There can be many reasons for your GW to answer on HTTPS on en external interface: multi-portal, Mobile Access Blade, RAS VPN with a Visitor Mode activated, even Gaia WebUI, if you allow connections to all interfaces.

To manage ciphers, look into sk126613

Re: Implied rules

AkosBakos — Fri, 27 Sep 2024 13:33:26 GMT

Hi @imservbilllee

Welcome on board, you have chosen the best manufacturer:-)

What are you looking for is the #cipher_util tool.

Here is the complete guide:

https://support.checkpoint.com/results/sk/sk126613

If you have question just drop an update.

Akos

Re: Implied rules

the_rock — Fri, 27 Sep 2024 13:43:01 GMT

Hey Bill,

No worries man, we are here to help. Apart from what the boys said, which is true, I also recommend looking at below, might be relevant. Personally, I would NOT recommend playing around with implied_rules.DEF file on the mgmt server, as its there for a reason with default settings, unless TAC ever asked you to modify it.

Andy

https://support.checkpoint.com/results/sk/sk105740

If it helps, I also made post about something similar for geo VPN block, not sure if it may help you, but its the link below.

https://community.checkpoint.com/t5/Remote-Access-VPN/Geo-VPN-blocking/m-p/214040#M10593

Re: Implied rules

imservbilllee — Fri, 27 Sep 2024 14:23:55 GMT

Big thanks to everyone! You all are so nice

I am just curious. My portal is configured as "Through internal interface" , mobile access is listening on other external interface

No idea why this external interface is still answering http/https

I think I could try adding a rule on top to block http/https access to this interface from internet, but just curious why...

On the other hand will handle weak ciphe

Regards,

Bill.

Re: Implied rules

PhoneBoy — Fri, 27 Sep 2024 16:13:52 GMT

For the relevant discussion on implied rules for http/https to the gateway, see: https://support.checkpoint.com/results/sk/sk105740

Re: Implied rules

the_rock — Fri, 27 Sep 2024 23:10:03 GMT

If its listening on external interface, 100% implied rule, so you can definitely add rule to block it. Check the post I referenced, sk explains it as well.

Glad we can help you, thats what we are here for 🙂

Andy