https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232713#M38868 <P>That is an interesting read, thanks. I does not apply to our situation though, as the certificate in question gets shown on Port 443. We don't get anything here when trying for the ICA Ports...</P> Thu, 14 Nov 2024 12:52:19 GMT Kryten 2024-11-14T12:52:19Z https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232686#M38865 <P>Hi all,</P><P>a customer of ours recently had a PenTest done. All went pretty well but one of the findings was a not-so-secure RSA lenght with a certificate on a public IP.</P><P>The IP in question is the main IP of the Check Point Cluster and the certificate shown is the local VPN certificate.</P><P>The strange thing: This customer does not have the Mobile Access Blade enabled, so is not using SSL-VPN or any Portal that would run on this IP. Also we found nothing else that would explain why we can do a TLS Handshake to this IP. Its also just the Handshake, as there is no connection after accepting the cert.<BR />While searching we found that Usercheck was pointing to this IP, but that was the only thing we found (and changed to an internal IP of the cluster).</P><P>If there is no portal or other service offered by the Gateway on this IP address, why can a connection on Port 443 still be initiated? Is there a way to disable this?</P><P>&nbsp;</P><P>&nbsp;</P><P>Cheers, and thanks in advance for any hints!</P> Thu, 14 Nov 2024 08:17:39 GMT https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232686#M38865 Kryten 2024-11-14T08:17:39Z https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232688#M38866 <P><A href="https://community.checkpoint.com/t5/General-Topics/HowTo-React-on-Check-Point-Information-Disclosure/td-p/9773" target="_blank" rel="noopener">HowTo: React on Check Point Information Disclosure</A></P> Thu, 14 Nov 2024 08:24:31 GMT https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232688#M38866 Danny 2024-11-14T08:24:31Z https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232713#M38868 <P>That is an interesting read, thanks. I does not apply to our situation though, as the certificate in question gets shown on Port 443. We don't get anything here when trying for the ICA Ports...</P> Thu, 14 Nov 2024 12:52:19 GMT https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232713#M38868 Kryten 2024-11-14T12:52:19Z https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232832#M38898 <P>Can you edit the gateway, platform portal, accessibility and change it to internal or policy and see if that closes the port?</P> <P>&nbsp;</P> <P>also run "<SPAN>mpclient list" and see what services are running on 443</SPAN></P> Thu, 14 Nov 2024 23:16:39 GMT https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232832#M38898 Ryan_Ryan 2024-11-14T23:16:39Z https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232889#M38904 <P>You should probably adjust the implied rules that allow connectivity on port 443:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk105740" target="_blank">https://support.checkpoint.com/results/sk/sk105740</A>&nbsp;</P> Fri, 15 Nov 2024 13:57:37 GMT https://community.checkpoint.com/t5/General-Topics/Local-certificate-shown-on-public-IP/m-p/232889#M38904 PhoneBoy 2024-11-15T13:57:37Z