This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mike_Jensen
Advisor
‎2020-12-07 11:31 AM

Security gateway accepting https connections via implied rule

My external security gateways are accepting  tcp/443 inbound traffic via an implied rule from the public internet.  I have examined the implied rules in SmartConsole by selecting the appropriate policy Actions => Implied Rules.  I can't seem to identify which implied rule it is that is allowing https.  None of the implied rules how "https" as the service and when I go to the left and click on "Configuration" it doesn't seem that any of the options I have selected would apply .

 

There is one option checked (see screen shot below) that states "Accept Web and SSH connections for Gateways administration (Small Office Appliance)" that I would assume allows https but these gateways are 15,400 appliances.  Would this rule still apply?

I am in need of disabling https to these external security gateways as this came up as a finding from auditors on a external pen scan.

Also, I do not have SSL Extender enabled.

 

Preview file
53 KB
Preview file
41 KB
0 Kudos
3 Replies
Bob_Zimmerman
Authority
Authority
‎2020-12-07 12:01 PM

I would expect that to be caused by the "Accept Remote Access control connections" item. That screen is as granular as the implied rule configuration gets. That item would cover all ports needed for any remote access feature to work (Endpoint, SNX, Mobile Access). I don't believe they are aware of feature selections on the firewalls.

While I almost never recommend doing this, you may need to disable that implied rule category and create manual equivalents.

0 Kudos
John_Fleming
Advisor
‎2020-12-07 08:06 PM

sk105740 maybe? Basically is the portal accessibility set to something besides according to the firewall policy?

Oh and that Accept Web etc is for 1100,1400,1500 etc. Basically the SMB boxes that run Gaia Compatible. 

0 Kudos
Mike_Jensen
Advisor
‎2020-12-08 01:20 PM
In response to John_Fleming

sk105740 sounds promising.  Where do I need to go to change enable_portal_http.  I looked through the implied rules and implied rule settings and I can't find anything like this.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events