https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/71991#M14596 <P>Thanks PhoneBoy, I think that did the trick.</P><P>SecurePlatform and UserCheck were both set to "internal_interfaces" but SmartView was set to "all_interfaces".</P><P>I set that to internal_interfaces, saved and installed policy.</P><P>The implied rule 0 accepts on 443 and 80 seem to have stopped, and now GRC Shields Up reports those ports as Stealth <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 10 Jan 2020 02:27:13 GMT Lockout888 2020-01-10T02:27:13Z https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/66845#M13707 <P>I have a Cleanup Rule any/any to drop traffic from the Internet, but a Shields Up scan from grc.com shows I have several ports open by default:&nbsp; 80, 264, 443 and 444.</P><P>What configuration changes do I need to "stealth" these ports?</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ScreenShot715.jpg" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3004i0B847440D40C150E/image-size/medium?v=v2&amp;px=400" role="button" title="ScreenShot715.jpg" alt="ScreenShot715.jpg" /></span></P> Fri, 08 Nov 2019 07:48:02 GMT https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/66845#M13707 Lockout888 2019-11-08T07:48:02Z https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/66944#M13730 80/443 is Multiportal.<BR />See: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105740" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105740</A><BR />Port 264 is related to a Remote Access implies rule, go to Global Properties &gt; Firewall &gt; Accept Remote Access Control Connections, uncheck this, and install policy.<BR />Port 444 is not one of our standard ports and may be related to your specific configuration. Sat, 09 Nov 2019 07:55:06 GMT https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/66944#M13730 PhoneBoy 2019-11-09T07:55:06Z https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/71986#M14593 <P>I set the Platform Portal Accessibility settings to "Through internal interfaces" with no options checked per the SK solution.&nbsp; I verified my Topology settings are correct (eth1 = external and Mgmt = Internal).</P><P>I am still getting implied Rule 0 accepts for 443 and 80 in the logs. This is a Standalone configuration if that matters.</P><P>The SK other solution says:&nbsp; "In case you do not want to allow any connections to the Security Gateway's portals , add a rule that drop this traffic."</P><P>How do I add a rule that will drop the traffic of an implied rule?</P> Thu, 09 Jan 2020 22:41:03 GMT https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/71986#M14593 Lockout888 2020-01-09T22:41:03Z https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/71988#M14594 See also: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk155512" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk155512</A> Thu, 09 Jan 2020 23:00:14 GMT https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/71988#M14594 PhoneBoy 2020-01-09T23:00:14Z https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/71989#M14595 <P>You can follow <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk115600" target="_self">sk115600</A> to disable the implied rules. I would not recommend doing this however as you will have to create explicit rules to replace the implicit rules and this usually just leads to a lot of headaches.</P> Thu, 09 Jan 2020 23:29:49 GMT https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/71989#M14595 KernelGordon 2020-01-09T23:29:49Z https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/71991#M14596 <P>Thanks PhoneBoy, I think that did the trick.</P><P>SecurePlatform and UserCheck were both set to "internal_interfaces" but SmartView was set to "all_interfaces".</P><P>I set that to internal_interfaces, saved and installed policy.</P><P>The implied rule 0 accepts on 443 and 80 seem to have stopped, and now GRC Shields Up reports those ports as Stealth <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 10 Jan 2020 02:27:13 GMT https://community.checkpoint.com/t5/General-Topics/Close-Default-Open-Ports/m-p/71991#M14596 Lockout888 2020-01-10T02:27:13Z