cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Checkpoint rulebase , is there any kind of implicit or explicit rule above stealth rule except mgmt

Hi Checkmates,

 

I wanted to know in checkpoint any implicit or explicit rule above the stealth rule in checkpoint except the management rule which allow management server and logs from/to the gateway to management or log server.

 

If there is any other rule please let me know?

 

1.Management rule

2.Stealth rule

3.Business rule

4.Cleanup rule

5.Implicit deny all rule

 

Kindly let me know if there are any different kind of rule named on checkpoint rule base.

 

Also let me know if VPN rules are having any restriction like placing it above or below in a firewall rule base?

 

Thanks in advance.

0 Kudos
3 Replies

Re: Checkpoint rulebase , is there any kind of implicit or explicit rule above stealth rule except m

There are a number of Implied Rules at the top of the policy to allow communication between different Check Point services. These rules could vary depending on what Software Blades you have enabled. You can view them by clicking on the Actions menu in SmartConsole and selecting Implied Rules...implied.jpg

The order of some of these implied rules can be influenced by changing settings under Global Properties. However, I'd advise against it unless you have an explicit reason to.

You can also enable a preference in Global Properties to Log Implied rules if you want to see those actions in your logs or are troubleshooting an issue. 

Hope this helps!

 

0 Kudos

Re: Checkpoint rulebase , is there any kind of implicit or explicit rule above stealth rule except m

As mentioned above, the implied rules handle any so-called "control traffic" between the different Check Point components so you don't need to explicitly allow those services.

Typically the only explicitly-created rules in front of the stealth rule are:

1) Management Access - SSH and HTTPS and perhaps port 4434 to the firewall object itself from a trusted internal IT workstation or subnet

2) Ping/traceroute - Are internal/DMZ networks allowed to ping the firewall and get a response, or when running a traceroute outbound have the firewall show up as a valid hop instead of displaying * * *

3) Monitoring - Ping and/or SNMP get access to firewall from internal NMS

4) Client Authentication Rules - Not used much any more

5) SecureRemote/SecureClient Remote Access VPN rules - Not used much any more

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos
Vladimir
Pearl

Re: Checkpoint rulebase , is there any kind of implicit or explicit rule above stealth rule except m

A few explicit rules/blocks as well, as per sk106597:

image.png

0 Kudos