This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Lockout888
Explorer
‎2019-11-07 11:48 PM

Close Default Open Ports

I have a Cleanup Rule any/any to drop traffic from the Internet, but a Shields Up scan from grc.com shows I have several ports open by default:  80, 264, 443 and 444.

What configuration changes do I need to "stealth" these ports?

 

ScreenShot715.jpg

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2019-11-08 11:55 PM

80/443 is Multiportal.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Port 264 is related to a Remote Access implies rule, go to Global Properties > Firewall > Accept Remote Access Control Connections, uncheck this, and install policy.
Port 444 is not one of our standard ports and may be related to your specific configuration.
0 Kudos
Lockout888
Explorer
‎2020-01-09 02:41 PM
In response to PhoneBoy

I set the Platform Portal Accessibility settings to "Through internal interfaces" with no options checked per the SK solution.  I verified my Topology settings are correct (eth1 = external and Mgmt = Internal).

I am still getting implied Rule 0 accepts for 443 and 80 in the logs. This is a Standalone configuration if that matters.

The SK other solution says:  "In case you do not want to allow any connections to the Security Gateway's portals , add a rule that drop this traffic."

How do I add a rule that will drop the traffic of an implied rule?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-01-09 03:00 PM
In response to Lockout888

See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
Lockout888
Explorer
‎2020-01-09 06:27 PM
In response to PhoneBoy

Thanks PhoneBoy, I think that did the trick.

SecurePlatform and UserCheck were both set to "internal_interfaces" but SmartView was set to "all_interfaces".

I set that to internal_interfaces, saved and installed policy.

The implied rule 0 accepts on 443 and 80 seem to have stopped, and now GRC Shields Up reports those ports as Stealth 🙂

 

 

Preview file
384 KB
0 Kudos
KernelGordon
Employee Alumnus
Employee Alumnus
‎2020-01-09 03:29 PM
In response to Lockout888

You can follow sk115600 to disable the implied rules. I would not recommend doing this however as you will have to create explicit rules to replace the implicit rules and this usually just leads to a lot of headaches.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events