ProxyOps
Contributor

Application Server Message Block v1 (SMBv1) experience

Hello CheckMates,

We are currently faced with a requirement to limit and block as much SMBv1 traffic as possible and restrict SMBv1 traffic to specific sources and destinations. For this use case we would like to implement firewall rules with the service (application) "Server Message Block v1 (SMBv1)" and also use the objects "Server Message Block v2 (SMBv2)" and "Server Message Block v3 (SMBv3)" instead of just allowing tcp/445 for example.

We are looking for some real life experience with these objects in a production ruleset. We are a little concerned about how reliable the detection of different SMB versions is in a production ruleset.

We have not been able to find much documentation in the Check Point support centre, knowledge base articles or fixes for these applications.

We would also be very interested to know how Check Point handles the different "dialects" of SMB such as 2.0.1, 3.0.2, 3.1.1 etc.

Any feedback would be appreciated!

Kind regards

0 Kudos
1 Reply
PhoneBoy
Admin

I haven't seen many people comment on these specific Application definitions.
Note this does require using App Control for the relevant traffic, which means at least Medium Path for the relevant traffic. 

Not sure what you mean by "handles the different dialects" as I assume they are identified as their major version number.

0 Kudos
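For readers of this thread, an added example (not from either poster and not Check Point code; it says nothing about how the Check Point application objects are implemented): what separates SMB versions and dialects on the wire at tcp/445, following the public MS-CIFS and MS-SMB2 layouts. The function name `classify_smb`, the helper `frame` and the sample payloads are constructed for illustration.

```python
import struct

# SMB2 DialectRevision values from MS-SMB2; 0x02FF is the multi-protocol wildcard.
SMB2_DIALECTS = {0x0202: "2.0.2", 0x0210: "2.1", 0x0300: "3.0",
                 0x0302: "3.0.2", 0x0311: "3.1.1", 0x02FF: "2.??? (wildcard)"}

def classify_smb(payload: bytes) -> dict:
    """Classify one TCP/445 payload: 4-byte Direct TCP header, then one SMB message."""
    if len(payload) < 8 or payload[0] != 0:
        return {"family": "not-smb", "dialects": []}
    msg = payload[4:4 + int.from_bytes(payload[1:4], "big")]
    if msg[:4] == b"\xffSMB":
        out = {"family": "SMB1", "dialects": []}
        # 0x72 = SMB_COM_NEGOTIATE. A request has WordCount 0, a 2-byte ByteCount,
        # then 0x02-prefixed, NUL-terminated dialect strings.
        if len(msg) >= 35 and msg[4] == 0x72 and msg[32] == 0:
            (byte_count,) = struct.unpack_from("<H", msg, 33)
            blob = msg[35:35 + byte_count]
            out["dialects"] = [d[1:].decode("ascii", "replace")
                               for d in blob.split(b"\x00") if d[:1] == b"\x02"]
        return out
    if msg[:4] == b"\xfeSMB" and len(msg) >= 64:
        out = {"family": "SMB2/3", "dialects": []}
        (command,) = struct.unpack_from("<H", msg, 12)
        (flags,) = struct.unpack_from("<I", msg, 16)
        revs = ()
        if command == 0 and flags & 1 and len(msg) >= 70:
            revs = struct.unpack_from("<H", msg, 68)      # response: DialectRevision
        elif command == 0 and not flags & 1 and len(msg) >= 100:
            (count,) = struct.unpack_from("<H", msg, 66)  # request: DialectCount
            count = min(count, (len(msg) - 100) // 2)
            revs = struct.unpack_from(f"<{count}H", msg, 100)
        out["dialects"] = [SMB2_DIALECTS.get(r, hex(r)) for r in revs]
        return out
    return {"family": "not-smb", "dialects": []}

def frame(msg: bytes) -> bytes:
    # Direct TCP header: zero byte + 24-bit big-endian message length.
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def _hdr(flags: int) -> bytes:  # 64-byte SMB2 header, Command 0 (NEGOTIATE)
    return b"\xfeSMB" + struct.pack("<HHIHHI", 64, 0, 0, 0, 1, flags) + bytes(44)

# Constructed samples (not captured traffic).
_strings = b"\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00"
SMB1_MULTI = frame(b"\xffSMB\x72" + bytes(27) + b"\x00"
                   + struct.pack("<H", len(_strings)) + _strings)
SMB2_RESP = frame(_hdr(1) + struct.pack("<HHH", 65, 1, 0x0311) + bytes(59))
SMB2_REQ = frame(_hdr(0) + struct.pack("<HH", 36, 2) + bytes(32)
                 + struct.pack("<HH", 0x0302, 0x0311))
```

`SMB1_MULTI` is the case to keep in mind when testing a rule that blocks SMBv1: a client that still has SMB1 enabled can open with an SMB1-framed NEGOTIATE that also offers SMB2 dialect strings, so its first packet is SMB1 on the wire even when the session would end up on SMB2 or SMB3.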
