Our weekly scans show open ports for devices that have locked-down rules. For example, we allow inbound access for HTTPS, but the external scans show ports TCP 1720, 5060 and 2000. We are also seeing TCP 1720 on non-existing IPs. I have used Tenable and NMAP scanners to verify. Any ideas?
Any chance you have a VoIP configuration or a remnant thereof? Do the IP addresses at least look familiar? Can you ARP for them?
No VoIP servers configured on that network that I know of. For the IPs I know that are live, we have rules that drop that traffic.
Hi!
Check this SK about the SIP port: How to disable 'fw early SIP nat' chain / SIP inspection
Regarding H323, try deleting all h323 services on the dashboard (if you are not using VoIP services) and install policy.
That should do it.
@David_Chau We just observed similar behavior after an external scan. I see the thread here kind of died off... did you ever get a definitive answer to account for this behavior?
Hello,
Confirm that the defined rules are correctly matching the traffic, and look for NAT rules for any port forwarding.