https://community.checkpoint.com/t5/General-Topics/no-hide-services-ports/m-p/102836#M19846 <P>Thanks for the information&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;!</P><P>It would be interesting to know if other admins leave "<SPAN>Accept outgoing packets originating from Gateway" enabled. We try to explicitly allow only required traffic and also avoid using implied rules as much as possible. I would appreciate feedback from the community regarding this.</SPAN></P><P>We will also open a TAC case to see if using the virtual IP for NTP, RADIUS, Syslog and SNMP trap is the expected behavior when&nbsp;"<SPAN>Accept outgoing packets originating from Gateway" is not checked.</SPAN></P><P>Thanks for your help!</P><P>Best regards,</P><P>Harry</P> Sat, 21 Nov 2020 11:34:27 GMT net-harry 2020-11-21T11:34:27Z https://community.checkpoint.com/t5/General-Topics/no-hide-services-ports/m-p/102414#M19811 <P>Hi,</P><P>I have a question about "no_hide_services_ports" located in the table.def files.</P><P>Besides the default ports we have added NTP, SNMP Trap, Syslog and RADIUS services to "no_hide_services_ports", so that the real IP is used instead of the virtual address for these protocols. Otherwise they do not work correctly on the standby cluster members.</P><P>no_hide_services_ports = { &lt;4500,17&gt;, &lt;500, 17&gt;, &lt;259, 17&gt;, &lt;1701, 17&gt;, &lt;5500, 17&gt;, &lt;123, 17&gt;, &lt;162, 17&gt;, &lt;514, 17&gt;, &lt;1812, 17&gt;, &lt;1813, 17&gt; };</P><P><BR />It seems strange that we need to modify the table.def files to achieve this and I wonder if we are perhaps missing a default setting that we for some reason have disabled.</P><P>Please note that we do not have "Accept outgoing packets originating from Gateway" defined in Global Properties.</P><P>We are running R80.20 take 183.</P><P>Thanks for your help!</P><P>Best regards,</P><P>Harry</P> Wed, 18 Nov 2020 07:09:42 GMT https://community.checkpoint.com/t5/General-Topics/no-hide-services-ports/m-p/102414#M19811 net-harry 2020-11-18T07:09:42Z https://community.checkpoint.com/t5/General-Topics/no-hide-services-ports/m-p/102828#M19843 <P>Possible not having that setting enabled might be causing this.<BR />It's also possible this is a bug and the TAC may need to be consulted.</P> Sat, 21 Nov 2020 01:51:53 GMT https://community.checkpoint.com/t5/General-Topics/no-hide-services-ports/m-p/102828#M19843 PhoneBoy 2020-11-21T01:51:53Z https://community.checkpoint.com/t5/General-Topics/no-hide-services-ports/m-p/102836#M19846 <P>Thanks for the information&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;!</P><P>It would be interesting to know if other admins leave "<SPAN>Accept outgoing packets originating from Gateway" enabled. We try to explicitly allow only required traffic and also avoid using implied rules as much as possible. I would appreciate feedback from the community regarding this.</SPAN></P><P>We will also open a TAC case to see if using the virtual IP for NTP, RADIUS, Syslog and SNMP trap is the expected behavior when&nbsp;"<SPAN>Accept outgoing packets originating from Gateway" is not checked.</SPAN></P><P>Thanks for your help!</P><P>Best regards,</P><P>Harry</P> Sat, 21 Nov 2020 11:34:27 GMT https://community.checkpoint.com/t5/General-Topics/no-hide-services-ports/m-p/102836#M19846 net-harry 2020-11-21T11:34:27Z