https://community.checkpoint.com/t5/Endpoint/Noise-Rule/m-p/65137#M1663 <P>We are running Endpoint in the cloud EPMAS (Endpoint Management As A Service).&nbsp; To create Endpoint Firewall rules for the Endpoint client I use SmartEndpoint.</P><P>There is no destination field in the Endpoint client Firewall as the destination will always be the workstation/laptop</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="3.png" style="width: 831px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2760iACC23A673927209F/image-size/large?v=v2&amp;px=999" role="button" title="3.png" alt="3.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.png" style="width: 842px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2761iA5B4FB4BD143A4E1/image-size/large?v=v2&amp;px=999" role="button" title="2.png" alt="2.png" /></span></P><P>&nbsp;</P><P>Thus the reason for using ports/services.&nbsp;</P><P>239.255.255.250 is Simple Service Discovery Protocol (SSDP) port 1900 udp&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> Wed, 16 Oct 2019 18:37:20 GMT John_Gallagher 2019-10-16T18:37:20Z https://community.checkpoint.com/t5/Endpoint/Noise-Rule/m-p/65048#M1658 <P>Hi</P><P>&nbsp;</P><P>We are the running Endpoint Client with the Firewall blade enabled.</P><P>&nbsp;</P><P>When I go to Log Viewer, 99% of the logs is dropped multicast traffic from the Firewall blade.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.jpg.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2750i5E72954E0E98C2BE/image-size/large?v=v2&amp;px=999" role="button" title="1.jpg.png" alt="1.jpg.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>This makes investigating the logs somewhat difficult as there are limited filtering options available.</P><P>&nbsp;</P><P>Most of the multicast traffic is LLMNR port 5355 tcp and SSDP port 1900 udp.</P><P>&nbsp;</P><P>I want to create a Noise Rule (i.e. Track to None) so this traffic does not appear in the logs.</P><P>&nbsp;</P><P>Is it ok to create a block rule only on the ports as below?&nbsp; Note the source is Any</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.png" style="width: 842px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2751i039773CAE0A5FF2E/image-size/large?v=v2&amp;px=999" role="button" title="2.png" alt="2.png" /></span></P><P>&nbsp;</P><P>Can these ports be used by other services? And if they can then how would I create a Noisey Traffic Rule &nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 16 Oct 2019 02:16:28 GMT https://community.checkpoint.com/t5/Endpoint/Noise-Rule/m-p/65048#M1658 John_Gallagher 2019-10-16T02:16:28Z https://community.checkpoint.com/t5/Endpoint/Noise-Rule/m-p/65061#M1659 <P>First: What about the destination 239.255.255.250 ?</P> <P>Second: You show us an endpoint security client log, but create a rule in the gateway access policy. Endpoint FW rules are defined in old SmartDashboard / Desktop tab or in EPSS...</P> Wed, 16 Oct 2019 08:25:20 GMT https://community.checkpoint.com/t5/Endpoint/Noise-Rule/m-p/65061#M1659 G_W_Albrecht 2019-10-16T08:25:20Z https://community.checkpoint.com/t5/Endpoint/Noise-Rule/m-p/65137#M1663 <P>We are running Endpoint in the cloud EPMAS (Endpoint Management As A Service).&nbsp; To create Endpoint Firewall rules for the Endpoint client I use SmartEndpoint.</P><P>There is no destination field in the Endpoint client Firewall as the destination will always be the workstation/laptop</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="3.png" style="width: 831px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2760iACC23A673927209F/image-size/large?v=v2&amp;px=999" role="button" title="3.png" alt="3.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.png" style="width: 842px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2761iA5B4FB4BD143A4E1/image-size/large?v=v2&amp;px=999" role="button" title="2.png" alt="2.png" /></span></P><P>&nbsp;</P><P>Thus the reason for using ports/services.&nbsp;</P><P>239.255.255.250 is Simple Service Discovery Protocol (SSDP) port 1900 udp&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> Wed, 16 Oct 2019 18:37:20 GMT https://community.checkpoint.com/t5/Endpoint/Noise-Rule/m-p/65137#M1663 John_Gallagher 2019-10-16T18:37:20Z