Solved: Check Point Can Detect & prevent Domain Fronting A...

MarcuzShinz

Dear Everyone,

Recently I noticed Domain Pronting attack technique is coming back, can Check Point Firewall prevent it? What features need to be enabled?

the_rock

https://support.checkpoint.com/results/sk/sk145112

View solution in original post

the_rock

https://support.checkpoint.com/results/sk/sk145112

the_rock

Btw, its enabled by default, but if you wish to change it, you can run below.

Andy

****************************

[Expert@R82:0]# fw ctl get int reject_domain_fronting_conns
reject_domain_fronting_conns = 0
[Expert@R82:0]# fw ctl set -f int reject_domain_fronting_conns 1
"fwkern.conf" was updated successfully
[Expert@R82:0]#

MarcuzShinz

Dear the_rock,

Thansk for your response, beside, Do we need any additional features to prevent this attack method?

the_rock

Hi Marcus,

Does not appear so. I also checked inspection settings, as well as IPS protections, could not find anything about it. Plus, does not mention anything extra in the sk either.

Andy

PhoneBoy

I assume this is part of Verified SNI support.
Doing anything related to SNI likely requires at least App Control (part of NGFW, NGTP, and NGTX licenses).

Are you a member of CheckMates?

Check Point Can Detect & prevent Domain Fronting Attack technique