
IP Forwarding R80.10

Hi Guys,

I just got my vulnerability report for my firewall and it turns out that I need to disable the IP forwarding mechanism in my CP.

Based on my understanding of general computer networks, IP forwarding is the process that handles packet transfers. If we disable it in the Check Point, how will the firewall transfer packets now? Is my understanding correct, or is there something deeper than that as far as the Check Point firewall is concerned?

I was told to disable it using this command:

# echo 0 > /proc/sys/net/ipv4/ip_forward

Thanks for your replies in advance.

1 Reply

Don't do that, unless you want to cause an outage.

On a regular Linux server, turning off IP Forwarding in the IP driver is a perfectly valid recommendation in most cases. It is not appropriate to manually manipulate this value on a Check Point firewall. The Check Point code controls the state of IP forwarding, switching it from the default of 0 to 1 when Check Point services have started, and changing it from 1 to 0 when Check Point services are stopped or policy is unloaded.

If you manually set it to zero, all traffic attempting to transit the firewall will stop working and be dropped by the IP driver just after inspection point I and just before inspection point o. Traffic to and from the firewall itself (i.e. SSH connections to clish/expert mode, HTTPS connections to the Gaia web interface, and firewall management operations) will still work, but little else will.

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
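A read-only way to answer the scanner finding with evidence instead of writing to the flag, added here as an example and not code from either poster or from Check Point. It assumes expert mode on the gateway; the firewall state ("running" or "stopped") is supplied by the operator from their own service check, and the file path is a parameter so the read can be exercised against a constructed file.

```shell
#!/bin/sh
# Added example (not from the thread): audit the kernel forwarding flag on a
# Check Point gateway without changing it. The thread's point is that the
# Check Point code owns this value (1 while services/policy are up, 0 when
# they are stopped), so the check compares the observed value with that state.

# Read the flag from a file path; defaults to the live procfs entry.
# The path argument exists so the function can be tested on a constructed file.
read_ip_forward() {
  f=${1:-/proc/sys/net/ipv4/ip_forward}
  if [ -r "$f" ]; then
    tr -d '[:space:]' < "$f"
  else
    echo unknown
  fi
}

# Decide whether the observed value is the one Check Point itself would set.
# $1 = ip_forward value, $2 = firewall service state: "running" or "stopped"
# (assumed to be supplied by the operator from their own service check).
classify_ip_forward() {
  case "$1:$2" in
    1:running) echo "expected: gateway forwards while services are up" ;;
    0:stopped) echo "expected: Check Point clears the flag when services stop" ;;
    0:running) echo "outage: flag forced to 0 with services up, transit traffic is dropped" ;;
    1:stopped) echo "unexpected: forwarding enabled with services down, investigate" ;;
    *)         echo "unknown: value='$1' state='$2'" ;;
  esac
}

# Usage: audit_ip_forward <running|stopped> [path-to-ip_forward]
# Prints one evidence line suitable for the scanner response; never writes.
audit_ip_forward() {
  v=$(read_ip_forward "$2")
  printf 'ip_forward=%s firewall=%s -> %s\n' "$v" "$1" "$(classify_ip_forward "$v" "$1")"
}
```

The "outage" verdict is exactly the condition the reply warns about: the flag cleared by hand while the firewall is up.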