Firewall_Head
Explorer

Will Geo Policy affect the SIC tunnel between management on cloud and FW on premise

Hi Checkmates,

Requirement: configure a geo rule for allowing communication from only country B to the public IP of the FW.

I was working with one client to configure a geo policy using an updatable object. Since the management server was hosted in country A, I added both country B & A to the source address, thinking it would impact the SIC tunnel.

When I checked the interface configuration, I was able to see a public IP running as a loopback interface with the name maas tunnel. What is this about?

The firewall has only one public IP on it and the maas tunnel interface was a bit confusing to understand. The SIC tunnel comms should go through the public IP configured on the FW, right? I didn't take the chance to test this. Can someone please help me with this?

Thanks in advance!

WR,

FH

 

 

the_rock
Legend

Personally, I never had that issue myself. Regardless, I would ensure 100% that, if this is indeed needed, you allow whatever public IP has to communicate and then block the country in the rule below.

Makes sense?

Andy

Chris_Atkinson
Employee

Per the FAQ the connection to Smart-1 cloud is outbound and covered by implied rules:

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-...

"What ports must be open on the security gateway?"

CCSM R77/R80/ELITE