topic Application Server Message Block v1 (SMBv1) experience in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Server-Message-Block-v1-SMBv1-experience/m-p/240352#M46626 <P>Hello CheckMates,</P><P>We are currently faced with a requirement to limit and block as much SMBv1 traffic as possible and restrict SMBv1 traffic to specific sources and destinations. For this use case we would like to implement firewall rules with the service (application) "Server Message Block v1 (SMBv1)" and also use the objects "Server Message Block v2 (SMBv2)" and "Server Message Block v3 (SMBv3)" instead of just allowing tcp/445 for example.</P><P>We are looking for some real life experience with these objects in a production ruleset. We are a little concerned about how reliable the detection of different SMB versions is in a production ruleset.</P><P>We have not been able to find much documentation in the Check Point support centre, knowledge base articles or fixes for these applications.</P><P>We would also be very interested to know how Check Point handles the different "dialects" of SMB such as 2.0.1, 3.0.2, 3.1.1 etc.</P><P>Any feedback would be appreciated!</P><P>Kind regards</P> Tue, 04 Feb 2025 12:19:58 GMT ProxyOps 2025-02-04T12:19:58Z Application Server Message Block v1 (SMBv1) experience https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Server-Message-Block-v1-SMBv1-experience/m-p/240352#M46626 <P>Hello CheckMates,</P><P>We are currently faced with a requirement to limit and block as much SMBv1 traffic as possible and restrict SMBv1 traffic to specific sources and destinations. For this use case we would like to implement firewall rules with the service (application) "Server Message Block v1 (SMBv1)" and also use the objects "Server Message Block v2 (SMBv2)" and "Server Message Block v3 (SMBv3)" instead of just allowing tcp/445 for example.</P><P>We are looking for some real life experience with these objects in a production ruleset. We are a little concerned about how reliable the detection of different SMB versions is in a production ruleset.</P><P>We have not been able to find much documentation in the Check Point support centre, knowledge base articles or fixes for these applications.</P><P>We would also be very interested to know how Check Point handles the different "dialects" of SMB such as 2.0.1, 3.0.2, 3.1.1 etc.</P><P>Any feedback would be appreciated!</P><P>Kind regards</P> Tue, 04 Feb 2025 12:19:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Server-Message-Block-v1-SMBv1-experience/m-p/240352#M46626 ProxyOps 2025-02-04T12:19:58Z Re: Application Server Message Block v1 (SMBv1) experience https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Server-Message-Block-v1-SMBv1-experience/m-p/240861#M46718 <P>I haven't seen many people comment on these specific Application definitions.<BR />Note this does require using App Control for the relevant traffic, which means at least Medium Path for the relevant traffic.&nbsp;</P> <P>Not sure what you mean by "handles the different dialects" as I assume they identified as their major version number.&nbsp;</P> Mon, 10 Feb 2025 19:25:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Server-Message-Block-v1-SMBv1-experience/m-p/240861#M46718 PhoneBoy 2025-02-10T19:25:18Z