I have come across a situation in a few POC scenarios, though this could be equally valid in a live environment, whereby the SMB appliance may not be enforcing or logging any rules pertaining to deep inspection blades like Application Control.
(In my specific cases, these were 1200R POCs where the Application Control blade logs were not classifying any SCADA applications.)
In the POCs I have come across where this has presented itself, it is often when the SMB appliance is in bridge mode, i.e. LAN-to-LAN, and the enforcing and logging is expected to run on these interfaces (bridge group) as opposed to a typical LAN-to-WAN setup.
By default, LAN traffic is not inspected by deep inspection blades such as the Application Control SWB on embedded-GAIA appliances. To turn this inspection on, please follow these instructions.
For Locally Managed appliances:
1. Open WebUI.
2. Go to Device tab.
3. Open Advanced Settings Page.
4. Open "Stateful Inspection -> Allow LAN-LAN DPI" or "Stateful Inspection -> Allow LAN-DMZ DPI" attribute.
5. Select the checkbox.
6. Click "Apply".
For Centrally Managed appliance:
1. Connect to Security Management Server with GuiDBedit Tool.
2. Under Global Properties -> properties -> firewall_properties, find a property called "dpi_lan_lan" or "dpi_lan_dmz".
3. Set the relevant property to "true".
4. Save the changes: go to 'File' menu - click on 'Save All'.
5. Close the GuiDBedit Tool.
6. Install Policy on your device.
As much as I'd like to take credit for the above, you can find this solution documented in SK102296.
Wonder if this will also be helpful for mirror port situations?
We faced a similar situation in an ICS PoC. Jarvis Lin Sung-Lun Yang
The deployment scenario is PLC-1200R-HMI in bridge mode, locally managed.
We will try to modify setting by your suggestion.
Thanks!