Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nflnetwork29
Collaborator

SIP traffic and Stealth rule

checkpoint best practices says the create a stealth rule with action set to DROP And the destination set to the gateway object. (Also the external IP address )

What about SIP traffic. Does this not originate from the Internet?

Would this type of traffic be blocked in the case of the stealth rule?

How does this work would I need to include some sort of exception?

Thanks, 

 

2020-12-10_17-45-44.png

 

 
0 Kudos
1 Reply
PhoneBoy
Admin
Admin

SIP doesn’t “terminate” on the firewall, so I’m not sure why the stealth rule matters in this case.
In any case, if there are is traffic that needs to be permitted to the gateway, rules allowing it should appear before the stealth rule.

0 Kudos