https://community.checkpoint.com/t5/Spark-Firewall-SMB/Changing-implied-rules-def-on-locally-managed-SMBs/m-p/40243#M1678 <P>This is an addition to <A href="https://community.checkpoint.com/docs/DOC-2798-locally-managed-smbs-and-def-files" target="_blank"><EM>Locally managed SMBs .def files for VPN fine-tuning</EM></A>.</P> <P>&nbsp;</P> <P>The SMS file <EM>implied_rules.def</EM> contains the FireWall Implied Rules and usually is changed only using Dashboard Global properties... - see <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk43401&amp;partition=General&amp;product=Security" target="_blank">sk43401 How to completely disable FireWall Implied Rules</A>. This sk is appropriate for centrally managed SMB appliances, but does make no sense for locally managed SMBs, and the <EM>sk92281 Location of 'implied_rules.def' files on Security Management Server</EM> is needed for all centrally managed GWs / SMB appliances.</P> <P>&nbsp;</P> <P>On locally managed SMBs, <EM>implied_rules.def</EM> can be found in <EM>/pfrm2.0/config1/fw1/lib/</EM> or <EM>/pfrm2.0/config2/fw1/lib/</EM> and in<EM> /opt/fw1/lib/</EM> where it can be edited. But we can not find many applications -&nbsp;for locally managed SMBs,&nbsp;<EM><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk35292&amp;partition=Advanced&amp;product=Security" target="_blank">sk35292 How to disable FW1_ica_services on port 18264</A></EM>&nbsp;mentions locally managed&nbsp;SMBs&nbsp;as&nbsp;supported, and&nbsp;<EM><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk26059" target="_blank">sk26059 Removing LDAP queries from the Implied Rules</A></EM> and&nbsp;<EM><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk31692&amp;partition=Advanced&amp;product=Security" target="_blank">sk31692 RADIUS/SecurID packets are being picked up by an implied rule instead of being encrypted</A></EM>&nbsp;are supported as&nbsp;All products are covered by the listed procedure.</P> <P>&nbsp;</P> <P>Not applicable (as relevant&nbsp;for unsupported product versions only) are <EM>sk66030 Connection to Security Gateway on TCP Port 80 and TCP Port 443 is accepted by Implied Rule 0</EM> and&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92262&amp;partition=Advanced&amp;product=IPSec" target="_blank">sk92262: TACACS+ authentication packets are not encrypted</A></P> <P>&nbsp;</P> <P><EM>.</EM></P> Fri, 19 Mar 2021 11:09:12 GMT G_W_Albrecht 2021-03-19T11:09:12Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Changing-implied-rules-def-on-locally-managed-SMBs/m-p/40243#M1678 <P>This is an addition to <A href="https://community.checkpoint.com/docs/DOC-2798-locally-managed-smbs-and-def-files" target="_blank"><EM>Locally managed SMBs .def files for VPN fine-tuning</EM></A>.</P> <P>&nbsp;</P> <P>The SMS file <EM>implied_rules.def</EM> contains the FireWall Implied Rules and usually is changed only using Dashboard Global properties... - see <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk43401&amp;partition=General&amp;product=Security" target="_blank">sk43401 How to completely disable FireWall Implied Rules</A>. This sk is appropriate for centrally managed SMB appliances, but does make no sense for locally managed SMBs, and the <EM>sk92281 Location of 'implied_rules.def' files on Security Management Server</EM> is needed for all centrally managed GWs / SMB appliances.</P> <P>&nbsp;</P> <P>On locally managed SMBs, <EM>implied_rules.def</EM> can be found in <EM>/pfrm2.0/config1/fw1/lib/</EM> or <EM>/pfrm2.0/config2/fw1/lib/</EM> and in<EM> /opt/fw1/lib/</EM> where it can be edited. But we can not find many applications -&nbsp;for locally managed SMBs,&nbsp;<EM><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk35292&amp;partition=Advanced&amp;product=Security" target="_blank">sk35292 How to disable FW1_ica_services on port 18264</A></EM>&nbsp;mentions locally managed&nbsp;SMBs&nbsp;as&nbsp;supported, and&nbsp;<EM><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk26059" target="_blank">sk26059 Removing LDAP queries from the Implied Rules</A></EM> and&nbsp;<EM><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk31692&amp;partition=Advanced&amp;product=Security" target="_blank">sk31692 RADIUS/SecurID packets are being picked up by an implied rule instead of being encrypted</A></EM>&nbsp;are supported as&nbsp;All products are covered by the listed procedure.</P> <P>&nbsp;</P> <P>Not applicable (as relevant&nbsp;for unsupported product versions only) are <EM>sk66030 Connection to Security Gateway on TCP Port 80 and TCP Port 443 is accepted by Implied Rule 0</EM> and&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92262&amp;partition=Advanced&amp;product=IPSec" target="_blank">sk92262: TACACS+ authentication packets are not encrypted</A></P> <P>&nbsp;</P> <P><EM>.</EM></P> Fri, 19 Mar 2021 11:09:12 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Changing-implied-rules-def-on-locally-managed-SMBs/m-p/40243#M1678 G_W_Albrecht 2021-03-19T11:09:12Z