No authentication for port 18231 Policy Server Login (old)

Hello fellow community members!

Our security vulnerability scan has flagged that there is no authentication algorithm / ciphers for connections to port 18231 on our gateways (which according to the awesome diagram from Heiko Ankenbrand is "Policy Server Login (old)"). 

As we're using E80.xx Endpoint protect against a separate Policy server, I'm guessing we don't use this port any more (perhaps it was for the older R75 VPN client??).

Does anyone know of a way to secure this port, either by blocking it, or by making it offer secure SSL ciphers??

Regards,

Jason

5 Replies

Yes, with a SYN scan you see the port as open. 

If you check the TLS certificates, you see a TLS handshake.

Afterwards the Check Point communication follows.

Regards

Heiko

Copper

Thanks Dameon Welch-Abernathy.

Do you know if the E80.xx client will have any issues with setting this to TLS1.2?

0 Kudos
Admin

Possibly some older VPN clients might.

0 Kudos
Copper

Interesting.  I applied the first two options in SK132712 to my R77.30 gateways, and the nmap scan has not shown any improvement.

PORT      STATE SERVICE         VERSION
18231/tcp open  ssl/fw1-pslogon Check Point FireWall-1 Policy Server logon
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DH_anon_WITH_3DES_EDE_CBC_SHA - F
|       TLS_DH_anon_WITH_AES_128_CBC_SHA - F
|       TLS_DH_anon_WITH_AES_256_CBC_SHA - F
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: F

0 Kudos
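
An added example (not part of any post in this thread) for re-checking a gateway after a cipher change: it parses saved `ssl-enum-ciphers` output and reports legacy protocols, `_anon_` suites (anonymous key exchange, which is why a scanner reports "no authentication") and the least-strength grade. The function names and the `TLSv1.2` / grade `A` thresholds are assumptions of this example.

```python
import re

# Constructed sample: the ssl-enum-ciphers lines quoted in the post above.
SAMPLE = """\
18231/tcp open  ssl/fw1-pslogon Check Point FireWall-1 Policy Server logon
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DH_anon_WITH_3DES_EDE_CBC_SHA - F
|       TLS_DH_anon_WITH_AES_128_CBC_SHA - F
|       TLS_DH_anon_WITH_AES_256_CBC_SHA - F
|_  least strength: F
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
# Newer nmap builds add a "(dh 1024)"-style key field before the grade.
CIPHER_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\S+)\s+(?:\(.*?\)\s+)?-\s+([A-F])\s*$")
LEAST_RE = re.compile(r"^\|_?\s+least strength:\s+([A-F])")
RANK = {"SSLv3": 0, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}

def parse(text):
    """Map each open port to its offered protocols, anon suites and grade."""
    report, cur, proto = {}, None, None
    for line in text.splitlines():
        if m := PORT_RE.match(line):
            cur = report.setdefault(int(m.group(1)), {"protocols": [], "anon": [], "least": None})
        elif cur is None:
            continue
        elif m := PROTO_RE.match(line):
            proto = m.group(1)
            cur["protocols"].append(proto)
        elif (m := CIPHER_RE.match(line)) and "_anon_" in m.group(1):
            # *_anon_* suites carry no certificate, so the server is never authenticated.
            cur["anon"].append((proto, m.group(1)))
        elif m := LEAST_RE.match(line):
            cur["least"] = m.group(1)
    return report

def findings(report, min_proto="TLSv1.2", worst_grade="A"):
    """List policy failures; both thresholds are assumptions of this example."""
    out = []
    for port, r in sorted(report.items()):
        out += [f"{port}: legacy protocol {p}" for p in r["protocols"]
                if RANK.get(p, -1) < RANK[min_proto]]
        out += [f"{port}: unauthenticated suite {c} ({p})" for p, c in r["anon"]]
        if r["least"] and r["least"] > worst_grade:
            out.append(f"{port}: least strength {r['least']}")
    return out
```

Calling `findings(parse(SAMPLE))` on the output above yields five findings; an empty list after a configuration change means the port no longer offers any of them.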