imservbilllee
Explorer

Implied rules

Hi everyone,

I am very new to CheckPoint firewall. A recent security scan flagged one of my external interfaces, saying Weak Cipher.

I am surprised that such an interface is responding to http/https from the internet. When I checked the logs, it showed an "Implied rule" was hit.

But I have no idea which implied rule makes this happen, or how to mitigate this issue.

Could you please shed some light? Thanks.

I am running an Open server on Gaia R81.10.

Regards,

Bill.

0 Kudos
6 Replies
_Val_
Admin

There can be many reasons for your GW to answer on HTTPS on an external interface: multi-portal, Mobile Access Blade, RAS VPN with Visitor Mode activated, even Gaia WebUI, if you allow connections to all interfaces.

To manage ciphers, look into sk126613.

AkosBakos
Leader

Hi @imservbilllee

Welcome aboard, you have chosen the best manufacturer :-)

What you are looking for is the #cipher_util tool.

Here is the complete guide:

https://support.checkpoint.com/results/sk/sk126613

If you have a question, just drop an update.

Akos

----------------
\m/_(>_<)_\m/
the_rock
Legend

Hey Bill,

No worries man, we are here to help. Apart from what the boys said, which is true, I also recommend looking at the link below, it might be relevant. Personally, I would NOT recommend playing around with the implied_rules.DEF file on the mgmt server, as it's there for a reason with default settings, unless TAC ever asks you to modify it.

Andy

https://support.checkpoint.com/results/sk/sk105740

If it helps, I also made a post about something similar for geo VPN block, not sure if it may help you, but it's the link below.

https://community.checkpoint.com/t5/Remote-Access-VPN/Geo-VPN-blocking/m-p/214040#M10593

imservbilllee
Explorer

Big thanks to everyone! You all are so nice.

I am just curious. My portal is configured as "Through internal interface", and mobile access is listening on another external interface.

No idea why this external interface is still answering http/https.

I think I could try adding a rule on top to block http/https access to this interface from the internet, but just curious why...

On the other hand will handle weak ciphe

Regards,

Bill.

0 Kudos
the_rock
Legend

If it's listening on the external interface, 100% implied rule, so you can definitely add a rule to block it. Check the post I referenced, the sk explains it as well.

Glad we can help you, that's what we are here for 🙂

Andy

0 Kudos
PhoneBoy
Admin

For the relevant discussion on implied rules for http/https to the gateway, see: https://support.checkpoint.com/results/sk/sk105740 

0 Kudos
