https://community.checkpoint.com/t5/General-Topics/Risk-Mitigation-in-cp-gw/m-p/120975#M22494 <P>What precisely generated these recommendations?<BR />The remediation steps look consistent with R77.x and not R8x.<BR />I believe those IPS protections are actually Inspection Settings in R8x (though haven’t looked).</P> Fri, 11 Jun 2021 19:26:26 GMT PhoneBoy 2021-06-11T19:26:26Z https://community.checkpoint.com/t5/General-Topics/Risk-Mitigation-in-cp-gw/m-p/120951#M22487 <P>The following vulnerabilities and suggested fix have been reported in CP GW Cluster.. these are on R80.40&nbsp;</P><P>However.. i am unable to find these on the path suggested... where can i edit these via smartConsole/cli ?&nbsp;</P><P>&nbsp;</P><P>1)<SPAN>IPS configuration - No check for out of sequence TCP packets</SPAN></P><P>Suggested fix -&nbsp;</P><P>We recommend that you use the Check Point SmartDashboard to enable Sequence Verifier:</P><P>IPS Tab =&gt;Protections =&gt;By Protocol =&gt; Network Security =&gt; TCP =&gt; Sequence Verifier</P><P>2)<SPAN>IPS configuration - No flood protection</SPAN></P><P>Suggested fix -&nbsp;</P><P>We recommend that you use the Check Point SmartDashboard to enable some of these properties:</P><P>Non TCP Flooding: IPS Tab =&gt; Protections =&gt; By Protocol =&gt; Network Security =&gt; Denial of Service =&gt; Non TCP flooding</P><P>SYN Attack protection: IPS Tab =&gt; Protections =&gt; By Protocol =&gt; Network Security =&gt; TCP =&gt; SYN Attack Configuration</P><P>SYN Attack protection can be enabled by either unchecking the "Override module's SYNDefender configuration" to use the module configured protection or checking the "Activate SYN Attack protection".</P><P>3)&nbsp;<SPAN>&nbsp;Missing Application Control “Block” rules</SPAN></P><P>Suggested Fix -&nbsp;</P><P>Your firewall is installed with the Application Control blade, but the corresponding “Application &amp; URL Filtering” policy does not consist of any “Block” rules. Having no such rules, the “Application &amp; URL Filtering” policy doesn’t practically have any filtering effect on the traffic traversing the firewall.</P><P><STRONG><FONT color="#2969A6">Remedy</FONT></STRONG><BR />Add at least one rule with action “Block” to the “Application &amp; URL Filtering” policy.</P><P>&nbsp;</P><P>In this case i already have a first rule as block in application layer policy and second layer allow all.. is this not the correct way to implement ?</P><P>&nbsp;</P> Fri, 11 Jun 2021 13:17:10 GMT https://community.checkpoint.com/t5/General-Topics/Risk-Mitigation-in-cp-gw/m-p/120951#M22487 LostBoY 2021-06-11T13:17:10Z https://community.checkpoint.com/t5/General-Topics/Risk-Mitigation-in-cp-gw/m-p/120975#M22494 <P>What precisely generated these recommendations?<BR />The remediation steps look consistent with R77.x and not R8x.<BR />I believe those IPS protections are actually Inspection Settings in R8x (though haven’t looked).</P> Fri, 11 Jun 2021 19:26:26 GMT https://community.checkpoint.com/t5/General-Topics/Risk-Mitigation-in-cp-gw/m-p/120975#M22494 PhoneBoy 2021-06-11T19:26:26Z