topic Re: Avoid block vulnerability scan in General Topics https://community.checkpoint.com/t5/General-Topics/Avoid-block-vulnerability-scan/m-p/240255#M40086 <P>See: <A href="https://support.checkpoint.com/results/sk/sk65200" target="_blank" rel="noopener"><SPAN>sk65200: How to list all <STRONG>services</STRONG> with enabled "Match for Any" option</SPAN></A> not all services are matched by Any.</P> <P>The messages you listed show blocks by Core Protections - see <A href="https://community.checkpoint.com/t5/Security-Gateways/IPS-Core-Protections/m-p/217103" target="_blank">https://community.checkpoint.com/t5/Security-Gateways/IPS-Core-Protections/m-p/217103</A></P> <P>They can not be avoided - this is expected behaviour. If you need to send Invalid packets or Illegal messages you have to avoid going thru the firewall...</P> Mon, 03 Feb 2025 10:05:39 GMT G_W_Albrecht 2025-02-03T10:05:39Z Avoid block vulnerability scan https://community.checkpoint.com/t5/General-Topics/Avoid-block-vulnerability-scan/m-p/240253#M40085 <P>Hello,</P><P>We have a vulnerability scanner which scan all dmz.</P><P>On some gateways IPS has not been activated.</P><P>Firewall log show more blocked communication even if an explicit rule allow them (allows any service).</P><P>These are some of meessages seen:</P><P>ICMP type unknown&nbsp;</P><P>Invalid TCP packet - source / destination port 0. Dropped although the protection is disabled</P><P>invalid content length header in request</P><P>Illegal H.225(Q.931) message</P><P>&nbsp;</P><P>Is there a way to avoid to block any flow from a specific source?</P> Mon, 03 Feb 2025 09:08:53 GMT https://community.checkpoint.com/t5/General-Topics/Avoid-block-vulnerability-scan/m-p/240253#M40085 Ilovecheckpoint 2025-02-03T09:08:53Z Re: Avoid block vulnerability scan https://community.checkpoint.com/t5/General-Topics/Avoid-block-vulnerability-scan/m-p/240255#M40086 <P>See: <A href="https://support.checkpoint.com/results/sk/sk65200" target="_blank" rel="noopener"><SPAN>sk65200: How to list all <STRONG>services</STRONG> with enabled "Match for Any" option</SPAN></A> not all services are matched by Any.</P> <P>The messages you listed show blocks by Core Protections - see <A href="https://community.checkpoint.com/t5/Security-Gateways/IPS-Core-Protections/m-p/217103" target="_blank">https://community.checkpoint.com/t5/Security-Gateways/IPS-Core-Protections/m-p/217103</A></P> <P>They can not be avoided - this is expected behaviour. If you need to send Invalid packets or Illegal messages you have to avoid going thru the firewall...</P> Mon, 03 Feb 2025 10:05:39 GMT https://community.checkpoint.com/t5/General-Topics/Avoid-block-vulnerability-scan/m-p/240255#M40086 G_W_Albrecht 2025-02-03T10:05:39Z