Kryten
Collaborator

Local certificate shown on public IP

Hi all,

a customer of ours recently had a PenTest done. All went pretty well, but one of the findings was a not-so-secure RSA length with a certificate on a public IP.

The IP in question is the main IP of the Check Point Cluster and the certificate shown is the local VPN certificate.

The strange thing: this customer does not have the Mobile Access Blade enabled, so is not using SSL-VPN or any Portal that would run on this IP. Also, we found nothing else that would explain why we can do a TLS Handshake to this IP. It's also just the Handshake, as there is no connection after accepting the cert.
While searching we found that Usercheck was pointing to this IP, but that was the only thing we found (and changed to an internal IP of the cluster).

If there is no portal or other service offered by the Gateway on this IP address, why can a connection on Port 443 still be initiated? Is there a way to disable this?


Cheers, and thanks in advance for any hints!

4 Replies
Kryten
Collaborator

That is an interesting read, thanks. It does not apply to our situation though, as the certificate in question gets shown on Port 443. We don't get anything here when trying the ICA Ports...

Ryan_Ryan
Advisor

Can you edit the gateway, platform portal, accessibility and change it to internal or policy and see if that closes the port?

Also run "mpclient list" and see what services are running on 443.

PhoneBoy
Admin

You should probably adjust the implied rules that allow connectivity on port 443: https://support.checkpoint.com/results/sk/sk105740 
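One way to re-check the original finding after trying the suggestions above, as an added example that is not code from the thread or from Check Point: connect to the cluster IP on 443, take the DER certificate the gateway presents, and read the RSA modulus length out of the SubjectPublicKeyInfo with a small DER walker (standard library only). The 2048-bit floor, the `make_rsa_spki` test-vector builder and the dummy moduli are assumptions made for this example.

```python
import ssl

RSA_OID_TLV = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1 rsaEncryption

def der_tlv(buf, pos):
    """Decode one DER header at pos -> (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long-form length (keys >= 1024 bits need it)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(der, start=0, end=None):
    """RSA modulus bit length in a DER X.509 cert or bare SubjectPublicKeyInfo; None if no rsaEncryption key."""
    pos, end = start, len(der) if end is None else end
    while pos < end:
        tag, vstart, vend = der_tlv(der, pos)
        if tag == 0x30 and vstart < vend:       # SEQUENCE: is it SubjectPublicKeyInfo?
            alg = der_tlv(der, vstart)          # AlgorithmIdentifier ::= SEQ { OID, params }
            if alg[0] == 0x30 and der[alg[1]:alg[1] + 11] == RSA_OID_TLV:
                bitstr = der_tlv(der, alg[2])   # BIT STRING: unused-bits byte + RSAPublicKey
                rsa_key = der_tlv(der, bitstr[1] + 1)
                modulus = der_tlv(der, rsa_key[1])  # RSAPublicKey ::= SEQ { n INTEGER, e INTEGER }
                return int.from_bytes(der[modulus[1]:modulus[2]], "big").bit_length()
            found = rsa_modulus_bits(der, vstart, vend)   # not SPKI: descend into the SEQUENCE
            if found is not None:
                return found
        pos = vend
    return None

def der_encode(tag, content):                   # minimal DER encoder, only for the constructed test vector
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def make_rsa_spki(modulus, exponent=65537):
    """Constructed RSA SubjectPublicKeyInfo for testing; the modulus is a dummy value, not a real key."""
    def integer(v):
        b = v.to_bytes((v.bit_length() + 7) // 8, "big")
        return der_encode(0x02, b"\x00" + b if b[0] & 0x80 else b)
    alg = der_encode(0x30, RSA_OID_TLV + der_encode(0x05, b""))
    return der_encode(0x30, alg + der_encode(0x03, b"\x00" + der_encode(0x30, integer(modulus) + integer(exponent))))

def check_host(host, port=443):
    """Fetch the certificate offered on host:port (no chain validation, we only inspect it) and flag a short modulus."""
    der = ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))
    bits = rsa_modulus_bits(der)
    return bits, bits is not None and bits < 2048   # 2048 assumed as the floor the pentest expected
```

Run `check_host("<cluster public IP>")` before and after changing the portal accessibility or implied rules: a `None` or a connection error means no certificate is offered any more, a `(bits, True)` result means the weak key is still exposed.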
