Implied rules
Hi everyone,
I am very new to CheckPoint firewall. A recent security scan flagged one of my external interfaces, saying Weak Cipher.
I am surprised that this interface is responding to http/https from the internet. When I checked the logs, they showed that "Implied rule" was hit.
But I have no idea which implied rule makes this happen, or how to mitigate this issue.
Could you please shed some light? Thanks.
I am running an Open server on Gaia R81.10.
Regards,
Bill.
There can be many reasons for your GW to answer on HTTPS on an external interface: multi-portal, Mobile Access Blade, RAS VPN with Visitor Mode activated, even Gaia WebUI, if you allow connections to all interfaces.
To manage ciphers, look into sk126613.
Welcome on board, you have chosen the best manufacturer :-)
What you are looking for is the #cipher_util tool.
Here is the complete guide:
https://support.checkpoint.com/results/sk/sk126613
If you have a question, just drop an update.
Akos
\m/_(>_<)_\m/
Hey Bill,
No worries man, we are here to help. Apart from what the boys said, which is true, I also recommend looking at the link below, which might be relevant. Personally, I would NOT recommend playing around with the implied_rules.DEF file on the mgmt server, as it's there for a reason with default settings, unless TAC ever asked you to modify it.
Andy
https://support.checkpoint.com/results/sk/sk105740
If it helps, I also made a post about something similar for geo VPN block. Not sure if it may help you, but it's the link below.
https://community.checkpoint.com/t5/Remote-Access-VPN/Geo-VPN-blocking/m-p/214040#M10593
Big thanks to everyone! You all are so nice.
I am just curious. My portal is configured as "Through internal interface", and mobile access is listening on another external interface.
No idea why this external interface is still answering http/https.
I think I could try adding a rule on top to block http/https access to this interface from the internet, but just curious why...
On the other hand will handle weak ciphe
Regards,
Bill.
If it's listening on an external interface, 100% implied rule, so you can definitely add a rule to block it. Check the post I referenced, the sk explains it as well.
Glad we can help you, that's what we are here for 🙂
Andy
For the relevant discussion on implied rules for http/https to the gateway, see: https://support.checkpoint.com/results/sk/sk105740
