Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LostBoY
Advisor

Risk Mitigation in cp gw

The following vulnerabilities and suggested fix have been reported in CP GW Cluster.. these are on R80.40 

However.. i am unable to find these on the path suggested... where can i edit these via smartConsole/cli ? 

 

1)IPS configuration - No check for out of sequence TCP packets

Suggested fix - 

We recommend that you use the Check Point SmartDashboard to enable Sequence Verifier:

IPS Tab =>Protections =>By Protocol => Network Security => TCP => Sequence Verifier

2)IPS configuration - No flood protection

Suggested fix - 

We recommend that you use the Check Point SmartDashboard to enable some of these properties:

Non TCP Flooding: IPS Tab => Protections => By Protocol => Network Security => Denial of Service => Non TCP flooding

SYN Attack protection: IPS Tab => Protections => By Protocol => Network Security => TCP => SYN Attack Configuration

SYN Attack protection can be enabled by either unchecking the "Override module's SYNDefender configuration" to use the module configured protection or checking the "Activate SYN Attack protection".

3)  Missing Application Control “Block” rules

Suggested Fix - 

Your firewall is installed with the Application Control blade, but the corresponding “Application & URL Filtering” policy does not consist of any “Block” rules. Having no such rules, the “Application & URL Filtering” policy doesn’t practically have any filtering effect on the traffic traversing the firewall.

Remedy
Add at least one rule with action “Block” to the “Application & URL Filtering” policy.

 

In this case i already have a first rule as block in application layer policy and second layer allow all.. is this not the correct way to implement ?

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

What precisely generated these recommendations?
The remediation steps look consistent with R77.x and not R8x.
I believe those IPS protections are actually Inspection Settings in R8x (though haven’t looked).

0 Kudos