
Block ports 443, 80 and 18264 on Check Point external firewall

Hi 

Can someone tell me how to block port 443, port 80 and port 18264 on the external interface of a Check Point firewall?

3 Replies
Champion
You'd have to change the management port in Gaia, change the individual default portal ports in the properties of the gateway, manually define explicit rules for management access on top of your security policy, and change Global Properties by disabling the Implied Rules pertaining to management.

After it is done, implement NAT to Null IP as per @HeikoAnkenbrand answer in this post: https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/How-to-disable-Gaia-access-from-t...

Cheers,
Vladimir

Admin
If you have any VPNs (client or site-to-site) or gateways that you manage from the Internet, you cannot disable TCP 18264 (used for certificate revocation) and expect that to continue working.
HTTPS is used for Visitor Mode on Client-to-Site VPNs and for clients to obtain their initial configuration, thus this may break some clients' ability to use VPN.
HTTP mostly just redirects to HTTPS but it should be blocked if you put in an explicit rule to do so.

Hi @Ana_11,

Thanks to @Vladimir

Here is the solution: add a static NAT rule and NAT it to a null IP :-)

Original packet:
  src: internet
  dst: portal IP
  port: portal port
Translated packet:
  NAT src: internet
  NAT dst: static NAT to null IP, for example 127.0.0.99
  NAT port: portal port
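Whichever of the two approaches above you use (explicit rules with the implied rules disabled, or the static NAT to a null IP), you will want to confirm from the outside that the three ports in the question are no longer reachable on the external interface, and that 18264 is still reachable if you kept it for VPN certificate revocation checks. The script below is an added example written for this thread, not code from the original posts or from Check Point; it does a plain TCP connect to each port and reports whether the handshake completed ("open"), was reset ("refused") or got no answer within the timeout ("filtered"). The target address 192.0.2.1 is a placeholder, and the port descriptions are only labels for the ports discussed above.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Ports discussed in the thread. The descriptions are labels for the report
# only; they are not read from the gateway.
DEFAULT_PORTS = {
    80: "HTTP (portal redirect to HTTPS)",
    443: "HTTPS (Gaia WebUI / portals / Visitor Mode)",
    18264: "ICA: certificate and CRL retrieval",
}


def probe(host, port, timeout=3.0):
    """Classify one TCP port from the outside.

    'open'     -> the TCP handshake completed (the port is still exposed)
    'refused'  -> the peer answered with RST (rejected, not dropped)
    'filtered' -> no answer within the timeout, or the host is unreachable
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes socket.timeout / TimeoutError and "no route to host"
        return "filtered"
    finally:
        sock.close()


def check_exposure(host, ports=DEFAULT_PORTS, timeout=3.0):
    """Probe every port in parallel and return {port: state}."""
    with ThreadPoolExecutor(max_workers=len(ports)) as pool:
        states = pool.map(lambda p: probe(host, p, timeout), ports)
        return dict(zip(ports, states))


def still_exposed(results):
    """Ports that completed a handshake, i.e. the block did not take effect."""
    return sorted(port for port, state in results.items() if state == "open")


def local_self_test():
    """Offline sanity check of probe(): one listening and one closed local port.

    Returns (state_of_listening_port, state_of_closed_port), expected
    ('open', 'refused') on any host with a working loopback interface.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Grab an ephemeral port number and release it again so nothing listens there.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        results = check_exposure(
            "127.0.0.1", {open_port: "listener", closed_port: "closed"}, timeout=1.0
        )
    finally:
        listener.close()
    return results[open_port], results[closed_port]


if __name__ == "__main__":
    # Placeholder address (RFC 5737 documentation range); pass the gateway's
    # external IP as the first argument, and run this from outside the firewall.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    results = check_exposure(target)
    for port, state in sorted(results.items()):
        print(f"{target}:{port:<6} {state:<9} {DEFAULT_PORTS.get(port, '')}")
    exposed = still_exposed(results)
    if exposed:
        print(f"still reachable: {exposed}")
    else:
        print("none of the probed ports completed a TCP handshake")
```

Run it before and after the policy install so you have a baseline; a port that moves from "open" to "filtered" is consistent with the traffic being dropped or black-holed, while "refused" means something on the path is still answering with a reset. If 18264 shows up as "filtered" after the change and you have client or site-to-site VPNs managed over the Internet, that is the breakage the previous reply warns about.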
