This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Thomas_Pereira
Participant
‎2017-07-05 07:14 AM
Jump to solution

How to disable http/https portal on vSec gateway?

We have two Security Gateways under the same management server. We need to disable outside access to the web portal on the vSec gateway.

This traffic is accepted by an implied rule. We did disable every single implied rule on the smart dashboard and try to edit the implied rules file in the path $FWDIR/lib. 

But the ports 80 and 443 are still open.

How could disable the outside access to this service?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2017-07-06 09:09 AM
Jump to solution

Multiportal issue, I think.

Refer to the following SK: HTTP and HTTPS requests to external interfaces create implied rule 0 accepts in SmartView Tracker 

View solution in original post

8 Replies
Jay_Jeffcoat
Participant
‎2017-07-05 11:38 AM
Jump to solution

When you say "disable outside access" There certainly shouldn't be an implied rule that allows outside access to your firewalls. You should have a rule in your policy that allows certain hosts to access your firewalls(ssh, webui, etc), but then have a stealth rule directly below that preventing all other source traffic from hitting your firewalls.

0 Kudos
Thomas_Pereira
Participant
‎2017-07-05 11:49 AM
In response to Jay_Jeffcoat
Jump to solution

Jay.

We have a stealth rule in place.

And in the log the traffic is being allowed by Implicit rule 0.

0 Kudos
Jay_Jeffcoat
Participant
‎2017-07-05 02:57 PM
In response to Thomas_Pereira
Jump to solution

Can you be more specific on what you're describing as "outside" access? Also, please post details about the actual implied rule that it's hitting on? Obviously something isn't making since, you stated you disabled every implied rule yet the traffic is still permitted

0 Kudos
Thomas_Pereira
Participant
‎2017-07-06 03:12 AM
In response to Jay_Jeffcoat
Jump to solution

"Outside" is the Internet. In Azure the vSec has two interfaces one internal and one external this last being the one that leads to the Internet. The goal is to limit the access to the internal interface. 

0 Kudos
Peter_Sandkuijl
Employee
Employee
‎2017-07-06 06:44 AM
Jump to solution

Hi,

Rule 0 can also indicate a setting that has a portal function and that is controlled by a property. As an example the identity awareness captive portal will listen. On what ports and interfaces depends on your configuration. I suspect what you see is similar to this and I advise you check those settings. By default they will have "internal interfaces" but that may be less relevant for vSEC, depending on how you deployed

Good luck

Peter !!

PhoneBoy
Admin
Admin
‎2017-07-06 09:09 AM
Jump to solution

Multiportal issue, I think.

Refer to the following SK: HTTP and HTTPS requests to external interfaces create implied rule 0 accepts in SmartView Tracker 

Thomas_Pereira
Participant
‎2017-07-06 01:44 PM
In response to PhoneBoy
Jump to solution

Dameon, 

Thanks for the help, in this SK I have found the correct file to edit and stopped the http redirect.

Also I was able to find what was enabling the https portal. It was the visitor mode for vpn clients, once disabled the https was closed.

_Val_
Admin
Admin
‎2017-07-07 12:49 AM
Jump to solution

If you are looking to disable WebUI completely, use "set web daemon-enable off"
Do not forget "save config"

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events