https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/220477#M11025 <P>Hi Dafna,<BR /><BR />thanks for your reply. Because of security reasons we cannot provide direct access to the device.<BR />Would you be able to provide necessary trouble shooting ste<FONT size="3">ps, which we can perform on our own, to figure out what is going wrong?<BR /><BR />We have also noticed another problem: We have 10 devices listed under the same IoT group. The group shows as policy: "Prevent". However the top panel under "Access Policy&gt;IoT" shows 5 of these devices as "Unproteceted Assets". Do you have an idea what might be the problem there?<BR /><BR />Best regards,<BR />Gabriel Pescia<BR /></FONT></P> Fri, 12 Jul 2024 08:15:40 GMT zkg 2024-07-12T08:15:40Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/219968#M11001 <P>Dear all,<BR /><BR />We use a locally managed Quantum Spark 1800 appliance R81.10.10 (996002945). The appliance allows to monitor IoT devices. However this monitoring seems to be faulty.</P><P>For example:<BR />We have (among others) two HP computers which are listed as such under Monitoring&gt;Assets. In particular they are not listed under IoT assets. However, if one of these computers connects to the other, we obtain a "Security Alert" that reads "Unauthorized domain IoT access". Since neither of the two computers are listed under IoT assets the above alert makes no sense to us.</P><P>With this post we wanted to inquire other users if they have seen the same behaviour as described above and how to fix the issue?</P><P>Best regards,<BR />Gabriel Pescia</P> Mon, 08 Jul 2024 15:26:43 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/219968#M11001 zkg 2024-07-08T15:26:43Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/220015#M11007 <P>I assume you can configure an override to resolve the issue: <A href="https://support.checkpoint.com/results/sk/sk181988" target="_blank">https://support.checkpoint.com/results/sk/sk181988</A>&nbsp;</P> Mon, 08 Jul 2024 19:49:36 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/220015#M11007 PhoneBoy 2024-07-08T19:49:36Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/220036#M11008 <P>Hi,</P> <P>I'm Dafna working as a team leader at&nbsp;<SPAN>&nbsp;Quantum Spark&nbsp;R&amp;D.</SPAN></P> <P>You are right - this is no the expected behavior,</P> <P>Is it possible to access your GW via reach my device or remote session to check it?</P> <P>I'm Dafna, a team leader at Quantum Spark R&amp;D.</P> <P>You are right; this behavior is not what we would expect.</P> <P>Would it be possible to access your GW via "Reach My Device" or a remote session to check it?</P> <P>Thanks,</P> <P>&nbsp; &nbsp;Dafna</P> <P>&nbsp;</P> Tue, 09 Jul 2024 05:41:52 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/220036#M11008 Dafna 2024-07-09T05:41:52Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/220477#M11025 <P>Hi Dafna,<BR /><BR />thanks for your reply. Because of security reasons we cannot provide direct access to the device.<BR />Would you be able to provide necessary trouble shooting ste<FONT size="3">ps, which we can perform on our own, to figure out what is going wrong?<BR /><BR />We have also noticed another problem: We have 10 devices listed under the same IoT group. The group shows as policy: "Prevent". However the top panel under "Access Policy&gt;IoT" shows 5 of these devices as "Unproteceted Assets". Do you have an idea what might be the problem there?<BR /><BR />Best regards,<BR />Gabriel Pescia<BR /></FONT></P> Fri, 12 Jul 2024 08:15:40 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/220477#M11025 zkg 2024-07-12T08:15:40Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/220661#M11035 <P>Hi,</P> <P>Please provide the following information:</P> <P>Issue #1:</P> <OL> <LI>cpinfo</LI> <LI>screen shot of the relevant security logs which are relevent to the HP computers</LI> <LI>The last notification which you got on those computers</LI> <LI>screen shot of your outgoing policy</LI> <LI>output of the following commands: <UL> <LI>&nbsp;pt fwGeneratedRule</LI> <LI>fw tab -t iot_cleanup_rule_num_table</LI> </UL> </LI> </OL> <P>Issue #2:</P> <P>1. send the device type and vendor</P> <P>2. screen shot of the IOT page and asset page (I want to see hoe those devices are displayed)</P> <P>3. the MAC address of the problematic devices</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp; &nbsp;Dafna</P> Sun, 14 Jul 2024 06:01:24 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IoT-Security-Alerts/m-p/220661#M11035 Dafna 2024-07-14T06:01:24Z