This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
G_W_Albrecht
Legend Legend
Legend
‎2018-08-14 05:18 AM
Jump to solution

Port Scan and SMB

For the GAiA gateways, sk110873 How to configure Security Gateway to detect and prevent port scan gives a detailed configuration guide for R7x and R80.x. But for SMB units, in IPS protections we only find the protection Masscan Port Scanner - but no description how it works. I would assume that the IPS is able to collect statistics, but is that done with locally managed SMB devices ? And what about SMBs managed by R7x / R80.x, can you configure an automatic SAM rule to close the port scanning connections also on SMB gateways ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
1 Solution

Accepted Solutions
Pedro_Espindola
Advisor
‎2018-08-14 06:29 AM
Jump to solution

Günther, on locally managed SMB appliances, I believe that is all you have.

For centrally managed, they have the same protections, such as Host Port Scan, Zmap, Masscan, etc.

They do not support SAM rules, and using "Block source" automatic reactions in SmartEvent will have no effect.

View solution in original post

2 Replies
Pedro_Espindola
Advisor
‎2018-08-14 06:29 AM
Jump to solution

Günther, on locally managed SMB appliances, I believe that is all you have.

For centrally managed, they have the same protections, such as Host Port Scan, Zmap, Masscan, etc.

They do not support SAM rules, and using "Block source" automatic reactions in SmartEvent will have no effect.

G_W_Albrecht
Legend Legend
Legend
‎2018-09-07 05:16 AM
In response to Pedro_Espindola
Jump to solution

Yes, it is just like that - as the fw sam command does not work on SMBs and only SAM Events created by CP SAM GWs will work (no 3rd party events), this is all we have (and we even do know no details)...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top