IPS Exceptions not being applied over VPN

Hello, I've had a dig around and looked at a few post about this and none have resolved my issue.

We have a Locally Managed Check Point 1550 Appliance running firmware version R80.20.05 (992001208).

Threat protection blades are enabled and up to date. When I VPN into our office and access our Twiki site from my PC over RDP we get no issues navigating around, however, if we attempt to edit any content we get an access denial, which we don't see when in the office or if I access directly from a laptop connected to the gateway over VPN.

--------------------------------

Your access is denied


Access denied due to firewall policy violation

Your issue ID for support is: 5f254cd8-2-823b977f-c0000002

--------------------------

 

I have added an exception (see attached file) which has the source as our /24 subnet and have tried with destination being the single IP, the Subnet the twiki is on (Twiki is on EC2 in AWS) and to Any.

 

I have even tried disabling the IPS and overriding the Command Injection IPS protection to be Detect vs Prevent. Nothing changes.

 

Hopefully the Gurus here can help.

Regards

Steve

 

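To make the scope of the exception described in this post concrete, here is an added example (not Check Point's code, and not anything posted in this thread) that models how an IPS exception is matched against a logged connection: source scope, destination scope and protection name must all match before the exception's action replaces the blade's Prevent. The addresses (office LAN 192.0.2.0/24, wiki host 198.51.100.10) and the sample log cards are constructed from documentation ranges and are only assumptions for the illustration; the matching semantics are a simplified first-match model, not the appliance's actual engine.

```python
"""Model of IPS exception scoping (added example; not Check Point code)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IpsException:
    source: str        # network or host in CIDR form, or "Any"
    destination: str   # network or host in CIDR form, or "Any"
    protection: str    # exact protection name, or "Any"
    action: str        # action applied instead of Prevent: "Detect" or "Inactive"


def in_scope(scope: str, ip: str) -> bool:
    """True if ip falls inside scope; "Any" matches every address."""
    if scope == "Any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(scope, strict=False)


def effective_action(log: dict, exceptions: list, default: str = "Prevent") -> str:
    """Return the action of the first exception matching the log card, else the default.

    Exceptions are evaluated in order like a rulebase: first match wins. A log card
    here is a dict with "src", "dst" and "protection" keys (constructed for the model).
    """
    for ex in exceptions:
        if (in_scope(ex.source, log["src"])
                and in_scope(ex.destination, log["dst"])
                and ex.protection in ("Any", log["protection"])):
            return ex.action
    return default


# Constructed sample (documentation ranges, not the poster's real addresses):
# office LAN 192.0.2.0/24, Twiki on an EC2 host 198.51.100.10.
EXCEPTIONS = [
    IpsException("192.0.2.0/24", "198.51.100.10/32", "Command Injection", "Detect"),
]

LOGS = [
    # office PC (reached over RDP) editing the wiki: inside the exception's scope
    {"src": "192.0.2.50", "dst": "198.51.100.10", "protection": "Command Injection"},
    # same flow, but a protection the exception does not name
    {"src": "192.0.2.50", "dst": "198.51.100.10", "protection": "Max Ping Size"},
    # a host outside the office /24 reaching the wiki
    {"src": "203.0.113.9", "dst": "198.51.100.10", "protection": "Command Injection"},
]

if __name__ == "__main__":
    for log in LOGS:
        print(log["src"], "->", log["dst"], log["protection"],
              "=>", effective_action(log, EXCEPTIONS))
```

Under this model the first log card resolves to Detect and the other two stay at Prevent. The practical check is to compare the source, destination and protection name shown on the real log card with the exception's objects: if all three are inside the exception's scope and the log still shows Prevent, the scope of the exception is not the problem, which is consistent with the later replies pointing at the firmware rather than the rule.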
6 Replies
Admin

When you say “our /24 subnet” what precisely does that refer to?
Can you also post the precise log card shown for the drop (redacting sensitive data)?


Thanks for the prompt reply.

By “our /24 subnet” I meant the source in the rule is a Network Object that is our office subnet xxx.xxx.21.0/255.255.255.0.

I had thought I had attached the error, but I have now; see attached file p3.png.

 

Copper

I think there is a known issue that IPS exception rules don't work properly for specific pre-installed IPS protections (Command Injection/Max Ping Size etc.) until R80.20.05.
(For downloaded IPS signatures, exception rules should work.)

Can you see if the issue resolves with the latest GA firmware R80.20.10 Build 992001433? I believe the issue is fixed here.


Thanks Tom, maybe a silly question but where do I find that version? When I check for updates on the appliance it says I am up to date. If I click the update manually button, I am directed to a page where I can download R75 and R77 versions but no R80 ones.

 

Steve

Copper

Hi Steve,

You can find the firmware download link from below.

R80.20.10 for Small and Medium Business Appliances
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

The reason why the firmware is not downloadable from the appliance Web UI is because the firmware is not yet available in the upgrade servers.
Usually new firmware is gradually deployed to the upgrade servers, after the version is widely adopted.
So for now, you will have to manually upgrade it with the image file available in the SK.

Hope it helps.


Thanks Tom, that makes sense.  I've downloaded that and will arrange an out of hours upgrade.

Thanks for all your help.

Steve