John_Gallagher
Participant

Noise Rule

Hi

 

We are running the Endpoint Client with the Firewall blade enabled.

 

When I go to Log Viewer, 99% of the logs are dropped multicast traffic from the Firewall blade.

 

1.jpg.png

 

 

 

This makes investigating the logs somewhat difficult as there are limited filtering options available.

 

Most of the multicast traffic is LLMNR port 5355 tcp and SSDP port 1900 udp.

 

I want to create a Noise Rule (i.e. Track to None) so this traffic does not appear in the logs.

 

Is it ok to create a block rule only on the ports as below? Note the source is Any.

 

2.png

 

Can these ports be used by other services? And if they can, then how would I create a Noisy Traffic Rule?
2 Replies
G_W_Albrecht
Legend

First: What about the destination 239.255.255.250 ?

Second: You show us an endpoint security client log, but create a rule in the gateway access policy. Endpoint FW rules are defined in old SmartDashboard / Desktop tab or in EPSS...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
John_Gallagher
Participant

We are running Endpoint in the cloud EPMAS (Endpoint Management As A Service).  To create Endpoint Firewall rules for the Endpoint client I use SmartEndpoint.

There is no destination field in the Endpoint client Firewall, as the destination will always be the workstation/laptop.

3.png

 

2.png

 

Thus the reason for using ports/services. 

239.255.255.250 is Simple Service Discovery Protocol (SSDP) port 1900 udp 

 

 

Thanks

 

 
 
0 Kudos
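An added example, not part of the thread and not Check Point tooling: before silencing traffic by port alone, this check over exported log rows separates drops sent to the LLMNR and SSDP multicast groups from anything else that hit ports 5355 and 1900. The CSV column names and sample rows are constructed assumptions; 224.0.0.252 is the standard LLMNR IPv4 group, which the thread does not mention.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address

# Destination port -> (protocol name, well-known IPv4 multicast group).
NOISE = {
    5355: ("LLMNR", ip_address("224.0.0.252")),
    1900: ("SSDP", ip_address("239.255.255.250")),
}

# Constructed sample export; column names are assumptions, not a Check Point format.
SAMPLE = """action,src,dst,dport
drop,10.1.1.20,239.255.255.250,1900
drop,10.1.1.21,224.0.0.252,5355
drop,10.1.1.22,10.1.1.50,1900
drop,10.1.1.23,10.1.1.50,5355
drop,10.1.1.24,10.1.1.50,445
accept,10.1.1.20,239.255.255.250,1900
"""


def classify(row):
    """Return 'noise:<name>', 'same-port-other' or 'other' for one log row."""
    port = int(row["dport"])
    if port not in NOISE:
        return "other"
    name, group = NOISE[port]
    # Only traffic addressed to the discovery group counts as noise;
    # unicast traffic on the same port is something a port-only rule would hide.
    if ip_address(row["dst"]) == group:
        return f"noise:{name}"
    return "same-port-other"


def summarize(text):
    """Count dropped rows per class so the share of real noise is visible."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(text)):
        if row["action"].lower() == "drop":
            counts[classify(row)] += 1
    return counts


if __name__ == "__main__":
    for label, n in summarize(SAMPLE).most_common():
        print(f"{label:16} {n}")
```

A non-zero `same-port-other` count means a rule keyed only on the port, with tracking set to None, would also stop logging traffic that is not multicast discovery.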
