This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MtxMan
Contributor
‎2022-11-25 08:41 AM

Best Practice Guidelines for Security gateway

Hi Checkmates,

My new customer annually will conduct hardening or best practice configuration for each security product. Just digging to Check Point admin guide and sk related to this guidelines but not found anything.

They give me a some example like palo alto use best practice assessment to help customer hardening or guidelines for the palo firewall.. how about Check Point? Does anyone has some idea or information about my question? Thanks!

0 Kudos
9 Replies
the_rock
MVP Diamond
MVP Diamond
‎2022-11-25 09:03 AM

Hope below things are helpful:

https://community.checkpoint.com/t5/Management/Checkpoint-Hardening-Benchmark/td-p/54220

https://community.checkpoint.com/t5/Security-Gateways/Gaia-Hardening-for-R81/td-p/102561

Andy

Best,
Andy
0 Kudos
MtxMan
Contributor
‎2022-11-26 05:19 PM
In response to the_rock

how about best practice configuration tools? is there any tools from Check Point to help and enhance customer current configuration such as best practice configuration for IPS, AV, or redundancy policy and NAT?

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-11-25 04:39 PM

There are the CIS benchmarks published by the community also the Compliance Blade might be helpful to you here.

https://community.checkpoint.com/t5/Compliance/CIS-Benchmarks/td-p/134755

Andy has provided some links to previous discussion regarding similar.

CCSM R77/R80/ELITE
0 Kudos
MtxMan
Contributor
‎2022-11-26 05:20 PM
In response to Chris_Atkinson

yes i already talked with customer to use Compliance Blade but they said some competitor giving them for free like bpa by paloalto. is there any tools from Check Point to help and enhance customer current configuration such as best practice configuration for IPS, AV, or redundancy policy and NAT?

Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-11-26 06:27 PM
In response to MtxMan

AV & IPS should be tailored to the configuration of the assets that you are protecting, this will be different between environments.

Comparing BPA to Compliance Blade isn't really useful/accurate. In any case if they simply wish to try it (Compliance) there are evaluation licenses. 

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-11-26 07:00 PM
In response to MtxMan

Personally, while compliance blade is nice to have, I dont find you get a lot of value out of it. It tells you what 100% of what IT people already know...dont use any for services, use urlf and app layer, anti spoofing prevent, things like that. I have a feeling that if you were to follow everything compliance blade report tells you, your rule base would be locked down to the point where it would be almost not sustainable.

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-11-26 07:06 PM
In response to the_rock

Appreciate the spirit of this feedback but of course you aren't meant to turn on everything Compliance blade has since not all industries conform to the same regulatory & compliance standards etc.

The idea is you enable what is relevant to you and it helps keep you on track or improve.

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-11-26 07:13 PM
In response to Chris_Atkinson

Of course, I get what you are saying. I had one client try it and while they did like the blade, they definitely expected more out of it.

Best,
Andy
0 Kudos
_Val_
Admin
Admin
‎2022-11-27 11:44 PM
In response to MtxMan

Compliance Blade is free for the first year.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events