This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chauhanrht8
Explorer
‎2019-08-22 05:05 PM
Jump to solution

Firewall rule for any tcp and udp port

How can  we create a service for Any tcp and UDP ports.

Port should be-  Any 

And protocol should be - TCP and UDP ?? 

 

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
‎2019-08-23 07:13 AM
Jump to solution

Hi @Chauhanrht8 

Creat two new services with a port range from 1 to 65535 for udp service and tcp service.

Set no protocol in protocol field and  don't use ‚match for any‘.

Now add this two new services to your rule.

TCP_ANY:

Port: 1-65535

Match for any: no

Protocol: none

UDP_ANY:

Port: 1-65535

Match for any: no

Protocol: none

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

10 Replies
Maik
Advisor
‎2019-08-23 04:48 AM
Jump to solution

Not sure why you would want to do this, but create a group and insert a tcp and udp object.

Each object respectively contains the port range of 1-65535 or just "any" and you are good to go.

0 Kudos
Danny
Champion Champion
Champion
‎2019-08-23 05:04 AM
Jump to solution

* Any also matches for applications and not just TCP/UDP ports as requested.

Therefore just create a new tcp_any and udp_any object  >0, uncheck Match for Any and use these in your rule.

Example:

image.png

How To Describe "Any Application"

Matching unknown traffic

 

(1)
Maik
Advisor
‎2019-08-23 05:07 AM
In response to Danny
Jump to solution

Hey,

I was not writing about "any" in the typical way of "any" in the service column. With any I meant to write "any" in the TCP or UDP objects itself. "Any" or 1-65535 should end up with the same functionality, doesn't it?

0 Kudos
-TJ-
Participant
‎2019-08-23 06:55 AM
In response to Maik
Jump to solution

You may want to be sure to uncheck the 'match for any' in the service properties.   I expect you will receive the warning that service objects may inherit that change.

See sk150553 for an example.

The idea sort of negates having a firewall though.   I assume you likely have a good reason.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2019-08-23 07:13 AM
Jump to solution

Hi @Chauhanrht8 

Creat two new services with a port range from 1 to 65535 for udp service and tcp service.

Set no protocol in protocol field and  don't use ‚match for any‘.

Now add this two new services to your rule.

TCP_ANY:

Port: 1-65535

Match for any: no

Protocol: none

UDP_ANY:

Port: 1-65535

Match for any: no

Protocol: none

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Chauhanrht8
Explorer
‎2019-08-24 08:33 AM
In response to HeikoAnkenbrand
Jump to solution

Hello @HeikoAnken,
Thanks for the information.
0 Kudos
sajj
Explorer
‎2020-01-27 09:30 AM
In response to HeikoAnkenbrand
Jump to solution

Hi,

What is the use case to have Protocol = NONE ?

Why 2 separate services are proposed (TCP_ANY   and UDP_ANY) though the meaning is same as we are not using any protocol ? Is it only for more readability ?

What will be behavior of checkpoint firewalls if do not choose Protocol = None ? Because Source IP will choose either TCP or UDP for communication.

 

Regards,

Sajjad

 

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-01-27 10:25 PM
In response to sajj
Jump to solution

Protocol None is for the applications like FTP, H323 etc.
Why you want only TCP and UDP is that you don't want to allow all other protocols like GRE and IPSEC, which are neither TCP nor UDP.
Regards, Maarten
(1)
sajj
Explorer
‎2020-01-28 06:32 AM
In response to Maarten_Sjouw
Jump to solution

Thanks.

So it means any protocol (like TCP, UDP , GRE, IPSec, etc.) under IP-Protocol will be considered, it is like everything.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-01-28 06:45 AM
In response to sajj
Jump to solution

Any will allow all, while the 2 TCP and UDP (all ports) will not allow other protocols than TCP or UDP.
Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events