When trying to access the firewall gateway object's public IP address with HTTPS, this is allowed and we see the gateway certificate; this should be blocked by the firewall. This behavior is also explained here:
https://support.checkpoint.com/results/sk/sk105740
We use R81.20 take 84
Captive portal and Identity Awareness are both configured on internal interfaces.
The setting platform portal accessibility is configured as "according to the firewall policy", and currently allowed in implicit rules. The configuration option is greyed out so we cannot change it to internal interfaces only. How can we change this?
gateway properties platform portal
We don't use remote access VPN.
Same issue with take 90.
While I'm not certain, it may be that Identity Awareness requires that particular setting, thus it cannot be changed.
In any case, for rules to work as expected, you will need to set the kernel variable as described in sk107540.
I think you mean this SK, correct? https://support.checkpoint.com/results/sk/sk165937
And indeed do you use Identity Awareness? For example Identity collectors connect on port 443 on the firewall for ID sharing.
Yes, we use Identity Awareness and we also have captive portal, so we would like to block it from the internet, not from everywhere. I understand that when setting a custom port for management we can't change this behavior. But I believe we need the custom port for management to not interfere with Identity Awareness. How could we fix this with a custom management port AND only allow 80/443 from internal?
Yes, I guess this is the only solution, gonna test.
In case the kernel parameter fw_ignore_before_drop_rules is set to 1, Security Gateway matching code does not consider the before drop implied rule.
In case this kernel parameter is set to 1, you must allow the connection in the rulebase (for the multiportal or TCP tunneling).
You can change it by removing the custom port if you use one for web UI.
Andy
Are you saying that we could change the setting to internal only and then apply the custom port again? Would that work, or is there a different technical reason why it is greyed out when having a custom port configured for management?
It would not work if you change to a custom port; it would be greyed out. It's been like that for a long time.
Andy