topic secure a TCP service (non HTTPS) in General Topics

secure a TCP service (non HTTPS)

Daniel_Kavan — Thu, 12 Mar 2020 13:12:12 GMT

Hi,

We have software that runs on a TCP high port that we want to secure more. So, for the object I can't check that its a web server. Is there any way to lock the service down more. Customers connect to the port with software and then do their work. Sometimes we run into a situation where users can't connect. It's hard to white list this traffic but that seems like it would be an ideal solution. When we get "attacks" its really in the form of people trying to connect over and over creating a DoS effect for legitimate users.

Re: secure a TCP service (non HTTPS)

PhoneBoy — Thu, 12 Mar 2020 15:40:05 GMT

What specifically is blocking the traffic in the gateway?

Re: secure a TCP service (non HTTPS)

Daniel_Kavan — Thu, 12 Mar 2020 15:44:09 GMT

Nothing, the server behind the gw is being overwhelmed. I'm looking for ways to limit the amount traffic hitting the gateway based on TCP traffic. IPS is the best defense, but I'm wondering if I can do more.

Re: secure a TCP service (non HTTPS)

PhoneBoy — Thu, 12 Mar 2020 15:52:13 GMT

Your best bet is to rate limit traffic.
You could do this with QoS or using our DDoS mitigation mechanisms.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk112454