Blocking external connections from viewing SMB Fir...

Sologenius1

We are running software version R77.20.87 on the SMB firewall 1490 Appliance.

We noticed people can view the certificate on the firewall when they make HTTPS connections to the firewall using an external IP.

The firewall logs show that the implied rule permits the connection to the firewall and that people can view the certificate.

We know the best way to fix it is to configure a SAM rule to bypass the implied rules and prevent external users from viewing the certificate. However, it looks like the module that allows the firewall to accept the SAM rule is not supported on the SMB firewall.

When the SAM rule is configured, we get this error: "Action has failed on the module: FW01"

Is there any other way we can block external users from viewing the firewall certificate

PhoneBoy

While sam rules are not supported on SMB, you can use fw samp to achieve the same thing: https://support.checkpoint.com/results/sk/sk164472

The other option would be to edit the implied rule on the appliance that allows this communication.
See: https://support.checkpoint.com/results/sk/sk165937
After making the change to the relevant file on the appliance, issue a fw_configload for the changes to take effect.

Are you a member of CheckMates?

Blocking external connections from viewing SMB Firewall Certificate