Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hi
We are the running Endpoint Client with the Firewall blade enabled.
When I go to Log Viewer, 99% of the logs is dropped multicast traffic from the Firewall blade.
This makes investigating the logs somewhat difficult as there are limited filtering options available.
Most of the multicast traffic is LLMNR port 5355 tcp and SSDP port 1900 udp.
I want to create a Noise Rule (i.e. Track to None) so this traffic does not appear in the logs.
Is it ok to create a block rule only on the ports as below? Note the source is Any
Can these ports be used by other services? And if they can then how would I create a Noisey Traffic Rule
We are running Endpoint in the cloud EPMAS (Endpoint Management As A Service). To create Endpoint Firewall rules for the Endpoint client I use SmartEndpoint.
There is no destination field in the Endpoint client Firewall as the destination will always be the workstation/laptop
Thus the reason for using ports/services.
239.255.255.250 is Simple Service Discovery Protocol (SSDP) port 1900 udp
Thanks
