This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
imamuzic
Collaborator
‎2025-05-14 08:00 AM
Jump to solution

Security Management Server exposed to the internet due to implied rule – warning

Hi everyone,

I’d like to share an observation that I believe is critical for anyone using a Check Point Security Management Server (SMS), especially in distributed environments where gateways connect to the SMS over the Internet if you enable Static NAT on the Management Server object and you check the box "Apply for Security Gateway control connections".

This is due to implied rules. This often goes unnoticed because implied rules are not shown in the rulebase, and many administrators are unaware that their Management Server is being exposed.

This all together creates a situation where your Management Server is reachable from any IP on the internet.

Is there any option besides disabling "Accept control connections" in Implied policy?

0 Kudos
31 Replies
Adam276
Collaborator
‎2025-05-16 12:07 PM
In response to Nik_Bloemers
Jump to solution

Action -> Implied Rules unfortunately does not show all of the implied rules.  There are a lot of ports that are allowed depending on what blades/features you have enabled and they don't appear in the Implied Rules.  TCP 18264 is one of those ports.  So some port rules that are allowed are not visible anywhere in the rule base (even in action -> implied rules).

It isn't clear to me if the RFE request that is marked as the solution is to show existing visible implied rules with action -> implied rules in the normal rule base or to expose the hidden implied rules that are not shown in action -> implied rules.

This article is relevant...
https://support.checkpoint.com/results/sk/sk119497

0 Kudos
PhoneBoy
Admin
Admin
‎2025-05-16 02:39 PM
In response to Adam276
Jump to solution

sk119497 is relevant insofar at the fact some rules don't show in the Implied Rules view.
This would make it "by design" behavior and would require an RFE to be filed.
Whatever your specific requirements are should be articulated in the RFE you open.
Involving your local Check Point office is also recommended.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events