This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kevin-p
Explorer
‎2024-06-24 06:46 PM

Gaia Portal (WebUI) over HTTP

Hi Everyone,

I am currently going through an ISO/SOC2 recertification audit and the auditors have asked to see the configuration on the gateway that only allows access to the WebUI over tcp/443(HTTPS) and doesnt allow access on tcp/80(HTTP) however I cannot find where this is configured.

Doing some investigation and opening a case with TAC, I have confirmed that the gateway does infact allow traffic on port 80 however there is a kernel level redirect which redirects the traffic to HTTPS. I was able to find a similar post(https://community.checkpoint.com/t5/Security-Gateways/Gaia-Web-GUI-http-to-https-redirection/td-p/18...) in regards to the HTTPS redirect, however I cannot find anything in the R81.20 Admin Guide or any CheckPoint docs that mentions this being configured by default.

TAC suggested that I follow sk165937 to disable the connection to gateway on TCP Port 80 and add a SAM rule to block port 80 so it shows a drop in the logs but this seems excessive seeing as there is already the kernel redirect and all I need to do is provide documentation that it is a default configuration.

If anyone has any doc that would help me out, it would be appreciated!

Thanks!  

 

Labels
0 Kudos
7 Replies
the_rock
Legend
Legend
‎2024-06-25 05:46 AM

Personally, I had never heard or seen document that states that, its been that way for who knows how long. Personally, if I were you, I would ask your SE to check on it internally, if one even exists.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-06-25 09:36 AM

The feature that does this redirect is called Multiportal and has been there since R75.
I believe the documentation you are looking for that it's a default is: https://support.checkpoint.com/results/sk/sk66030

0 Kudos
the_rock
Legend
Legend
‎2024-06-25 09:43 AM
In response to PhoneBoy

Is this related to redirect part though? 80 -> 443?

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-06-25 10:09 AM
In response to the_rock

Yes, this is part of what Multiportal does.

0 Kudos
the_rock
Legend
Legend
‎2024-06-25 10:24 AM
In response to PhoneBoy

I get that part, but I think this port 80 -> port 443 redirect used to happen way before multiportal came along?

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-06-25 11:39 AM
In response to the_rock

I believe so, yes.
Previously, I believe it was done as part of the underlying Apache configuration.
When Multiportal was introduced in R75, it was moved there.

the_rock
Legend
Legend
‎2024-06-25 11:41 AM
In response to PhoneBoy

Ah, good ol' Apache 🙂

Now it all makes sense.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events