This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
ABOUT CHECKMATES & FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Help
sdellsperger
sdellsperger
Nickel
‎2019-02-07 07:19 AM

Are there any implied rules on SMB appliances and can I show them?

Jump to solution

Hi guys,

We used to configure "standard rules" for gateways, something like this:

SourceDestinationApplicationServiceActionComment
This GWInternetAnyNTPallow
This GWInternetAnyDNSallow
This GWInternetAnyICMPallow
This GWInternetAnyHTTP(S)allow

The goal was to allow the gateway to set up connections for the update service, license service, etc.

Now I tried the connections withous these rules above and it worked without any problems.

I'd like to know:

Are there any implied rules on the SMB appliances, which allow the gateway to connect to the update service, get time updates, etc?

Are there any possibilities to display them?

Thank you.

Best Regards

Severin Dellsperger

Reply
1 Solution

Accepted Solutions
Highlighted
HristoGrigorov
HristoGrigorov
Gold
‎2019-02-07 08:21 PM

Re: Are there any implied rules on SMB appliances and can I show them?

Jump to solution

I suggest you take a look at this:

https://community.checkpoint.com/docs/DOC-2807-changing-impliedrulesdef-on-locally-managed-smbs 

View solution in original post

Reply
6 Replies
Highlighted
HristoGrigorov
HristoGrigorov
Gold
‎2019-02-07 08:21 PM

Re: Are there any implied rules on SMB appliances and can I show them?

Jump to solution

I suggest you take a look at this:

https://community.checkpoint.com/docs/DOC-2807-changing-impliedrulesdef-on-locally-managed-smbs 

View solution in original post

Reply
sdellsperger
sdellsperger
Nickel
‎2019-02-08 01:02 AM

Re: Are there any implied rules on SMB appliances and can I show them?

Jump to solution

This is what I searched for Smiley Happy

Unfortunately I couldn't find any definition for NTP.

Does someone know, where to find the implied NTP rule?

0 Kudos
Reply
HristoGrigorov
HristoGrigorov
Gold
‎2019-02-08 01:22 AM

Re: Are there any implied rules on SMB appliances and can I show them?

Jump to solution

I checked how it is in centrally managed appliances and there is the following rule:

Perhaps there is similar one when locally managed, not explicitly for NTP?

Reply
sdellsperger
sdellsperger
Nickel
‎2019-02-08 02:53 AM

Re: Are there any implied rules on SMB appliances and can I show them?

Jump to solution

Yes it could be, thanks for helpSmiley Happy 

0 Kudos
Reply
G_W_Albrecht
G_W_Albrecht
Ruby
‎2019-02-08 02:41 AM

Re: Are there any implied rules on SMB appliances and can I show them?

Jump to solution

NTP (UDP 123) is not listed explicitly in implied_rules.def - but if you look inside the file you will see rather complex macros that generate the implied rule base. Just as an addition, we also have this one here: sk119497: Implied rules are generated but not displayed in the Implied Rules view.

Reply
sdellsperger
sdellsperger
Nickel
‎2019-02-08 02:56 AM

Re: Are there any implied rules on SMB appliances and can I show them?

Jump to solution

Thanks for the info, as long as it works it's fine for me.

Reply