https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-Audit-Checkpoint-firewall-R81-firewall-rules-for-the-use/m-p/158684#M7169 <P>Looking for a tool or API script to audit firewall rules for the use of insecure protocols as well as ports commonly used by trojans and worms etc</P> Mon, 03 Oct 2022 13:54:58 GMT R_Elysion 2022-10-03T13:54:58Z https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-Audit-Checkpoint-firewall-R81-firewall-rules-for-the-use/m-p/158684#M7169 <P>Looking for a tool or API script to audit firewall rules for the use of insecure protocols as well as ports commonly used by trojans and worms etc</P> Mon, 03 Oct 2022 13:54:58 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-Audit-Checkpoint-firewall-R81-firewall-rules-for-the-use/m-p/158684#M7169 R_Elysion 2022-10-03T13:54:58Z https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-Audit-Checkpoint-firewall-R81-firewall-rules-for-the-use/m-p/158703#M7170 <P>Actually, a lot of trojans and worms use legitimate protocols like https and DNS.<BR />Which is why you need to do a lot more than just block specific services, which of course you should do through allowing access only to what precisely is needed.<BR />If Anti-Bot isn't enabled, your system is not doing everything it can to mitigate trojans and worms.</P> <P>As for your specific question, not sure anyone has written a script to perform these checks, but you can perform whatever checks you'd like using the API:&nbsp;<A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.8%20" target="_blank">https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.8%20</A>&nbsp;</P> Mon, 03 Oct 2022 16:37:29 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-Audit-Checkpoint-firewall-R81-firewall-rules-for-the-use/m-p/158703#M7170 PhoneBoy 2022-10-03T16:37:29Z