zkg
Explorer

IoT Security Alerts

Dear all,

We use a locally managed Quantum Spark 1800 appliance R81.10.10 (996002945). The appliance allows monitoring of IoT devices. However, this monitoring seems to be faulty.

For example:
We have (among others) two HP computers which are listed as such under Monitoring>Assets. In particular, they are not listed under IoT assets. However, if one of these computers connects to the other, we obtain a "Security Alert" that reads "Unauthorized domain IoT access". Since neither of the two computers is listed under IoT assets, the above alert makes no sense to us.

With this post we wanted to ask other users whether they have seen the same behaviour as described above and how to fix the issue.

Best regards,
Gabriel Pescia

0 Kudos
4 Replies
PhoneBoy
Admin

I assume you can configure an override to resolve the issue: https://support.checkpoint.com/results/sk/sk181988 

0 Kudos
Dafna
Employee

Hi,

I'm Dafna, a team leader at Quantum Spark R&D.

You are right; this behavior is not what we would expect.

Would it be possible to access your GW via "Reach My Device" or a remote session to check it?

Thanks,

   Dafna

 

0 Kudos
zkg
Explorer

Hi Dafna,

Thanks for your reply. For security reasons we cannot provide direct access to the device.
Would you be able to provide the necessary troubleshooting steps, which we can perform on our own, to figure out what is going wrong?

We have also noticed another problem: We have 10 devices listed under the same IoT group. The group shows as policy: "Prevent". However, the top panel under "Access Policy>IoT" shows 5 of these devices as "Unprotected Assets". Do you have an idea what might be the problem there?

Best regards,
Gabriel Pescia

0 Kudos
Dafna
Employee

Hi,

Please provide the following information:

Issue #1:

  1. cpinfo
  2. Screenshot of the security logs which are relevant to the HP computers
  3. The last notification which you got on those computers
  4. Screenshot of your outgoing policy
  5. Output of the following commands:
    • pt fwGeneratedRule
    • fw tab -t iot_cleanup_rule_num_table

Issue #2:

  1. Send the device type and vendor
  2. Screenshot of the IoT page and asset page (I want to see how those devices are displayed)
  3. The MAC address of the problematic devices


Thanks,

   Dafna

0 Kudos
