This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jimm
Participant
‎2025-06-11 12:01 AM

Restricting Gaia

When configuring an R81.20 Quantum gateway, the Gaia web interface is available via port 443 on its management interface.  However i was surprised to see its also available on other interfaces.  What is the best practice for restricting Gaia to listen only on the management interface?

0 Kudos
7 Replies
the_rock
Legend
Legend
‎2025-06-11 12:34 AM

In web ui, go to:
System Management > Access > Administration Access

In clish, set management interface interfacename

Andy

0 Kudos
emmap
Employee
Employee
‎2025-06-11 12:37 AM

Once the gateway is SIC'd to management you can control access within the gateway settings.

Preview file
39 KB
0 Kudos
jimm
Participant
‎2025-06-11 12:57 AM
In response to emmap

setting the management interface didnt help. Other interfaces still responded on 443. ie;

CPFW01> show management interface
eth1

However, the 'platform portal' setting in gateway object is set to 'according to the firewall policy' . So i will verify the rules

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2025-06-11 02:08 AM
In response to jimm

Some additional considerations:

https://support.checkpoint.com/results/sk/sk105740

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/Host-Ac...

CCSM R77/R80/ELITE
0 Kudos
D_W
Advisor
‎2025-06-11 01:04 AM

I also struggle with this setup.
On R81.10 I see the Check Points are answering ping to 192.168.1.1 although the (physical) Mgmt Interface is state off and not connected.
When the (physical) Mgmt Interface is state on but cable still not connected then also the Portal shows up with 192.168.1.1 ⁉️

0 Kudos
the_rock
Legend
Legend
‎2025-06-11 04:03 AM
In response to D_W

I find that odd as well...let me do some lab tests later.

Andy

0 Kudos
the_rock
Legend
Legend
‎2025-06-11 04:43 AM
In response to D_W

What is output of below?

Andy

my lab:

R82> show management interface
eth0
R82>

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events