This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
imservbilllee
Newcomer
4 hours ago

Implied rules

Hi everyone,

 

I am very new to CheckPoint firewall. A recent security scanning flagged one of my External interface saying Weak Cipher.

 

I am surprised why such interface is responding http/https to internet. When I check in the logs it showed "Implied rule" was hit.

 

But I have no idea on which implied rule make this happen and so how to mitigate this issue.

 

Please could you shed some light thanks

 

I am running an Open server on Gaia R81.10

 

Regards,

Bill.

Labels
0 Kudos
4 Replies
_Val_
Admin
Admin
4 hours ago

There can be many reasons for your GW to answer on HTTPS on en external interface: multi-portal, Mobile Access Blade, RAS VPN with a Visitor Mode activated, even Gaia WebUI, if you allow connections to all interfaces.

To manage ciphers, look into sk126613

AkosBakos
Advisor
4 hours ago

Hi @imservbilllee 

Welcome on board, you have chosen the best manufacturer:-)

What are you looking for is the #cipher_util tool.

Here is the complete guide:

https://support.checkpoint.com/results/sk/sk126613

If you have question just drop an update.

Akos

----------------
\m/_(>_<)_\m/
the_rock
Legend
Legend
4 hours ago

Hey Bill,

No worries man, we are here to help. Apart from what the boys said, which is true, I also recommend looking at below, might be relevant. Personally, I would NOT recommend playing around with implied_rules.DEF file on the mgmt server, as its there for a reason with default settings, unless TAC ever asked you to modify it.

Andy

https://support.checkpoint.com/results/sk/sk105740

If it helps, I also made post about something similar for geo VPN block, not sure if it may help you, but its the link below.

https://community.checkpoint.com/t5/Remote-Access-VPN/Geo-VPN-blocking/m-p/214040#M10593

PhoneBoy
Admin
Admin
an hour ago

For the relevant discussion on implied rules for http/https to the gateway, see: https://support.checkpoint.com/results/sk/sk105740 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events