CheckMates > Products > General Topics
Local certificate shown on public IP
Hi all,
A customer of ours recently had a PenTest done. All went pretty well, but one of the findings was a not-so-secure RSA length of a certificate on a public IP.
The IP in question is the main IP of the Check Point Cluster and the certificate shown is the local VPN certificate.
The strange thing: this customer does not have the Mobile Access Blade enabled, so is not using SSL VPN or any portal that would run on this IP. Also, we found nothing else that would explain why we can do a TLS handshake to this IP. It's also just the handshake, as there is no connection after accepting the cert.
While searching we found that UserCheck was pointing to this IP, but that was the only thing we found (and we changed it to an internal IP of the cluster).
If there is no portal or other service offered by the Gateway on this IP address, why can a connection on Port 443 still be initiated? Is there a way to disable this?
Cheers, and thanks in advance for any hints!
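As an added example (not from the thread or from Check Point), this is the check the pentest finding boils down to, written in Go: do a TLS handshake to an address, take whatever leaf certificate is served and report its RSA modulus size. The gateway address on the command line, the self-signed test certificate and the helper names are all assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"os"
	"time"
)

// ProbeKeyBits handshakes as a TLS client over conn and returns the RSA modulus size of the leaf certificate the peer served.
func ProbeKeyBits(conn net.Conn) (int, error) {
	defer conn.Close()
	c := tls.Client(conn, &tls.Config{InsecureSkipVerify: true}) // probe only: see whatever is served, as the scanner did
	if err := c.Handshake(); err != nil {
		return 0, err
	}
	if cs := c.ConnectionState().PeerCertificates; len(cs) > 0 {
		if pub, ok := cs[0].PublicKey.(*rsa.PublicKey); ok {
			return pub.N.BitLen(), nil
		}
	}
	return 0, fmt.Errorf("peer presented no RSA leaf certificate")
}
func SelfSignedRSA(bits int) (tls.Certificate, error) { // throwaway self-signed cert: constructed stand-in for a gateway's local cert
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "gw.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}
func ServeOnce(conn net.Conn, cert tls.Certificate) error { // gateway side of one handshake (used by the test)
	defer conn.Close()
	return tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{cert}}).Handshake()
}
func main() { // usage: go run . <public-ip>:443 (below 2048 bits is the pentest finding)
	if conn, err := net.DialTimeout("tcp", os.Args[1], 5*time.Second); err != nil {
		fmt.Println(err)
	} else {
		fmt.Println(ProbeKeyBits(conn))
	}
}
```

Running it against the cluster IP before and after the change to the portal or implied rules shows directly whether a certificate is still handed out on 443.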
That is an interesting read, thanks. It does not apply to our situation though, as the certificate in question gets shown on port 443. We don't get anything here when trying the ICA ports...
Can you edit the gateway, go to Platform Portal, Accessibility, change it to internal or policy, and see if that closes the port?
Also run "mpclient list" and see what services are running on 443.
You should probably adjust the implied rules that allow connectivity on port 443: https://support.checkpoint.com/results/sk/sk105740
