STIG's Forum
Any chance we can get a forum to discuss STIG concerns?
From time-to-time we get a STIG that is not documented in the released documentation for given hardware/software.
The current example I am looking for is...
------------------------------------------------------------------------------------------------------------------------------------
"Check Text: Verify the firewall stops forwarding traffic or maintains the configured security policies upon the failure of the following: system initialization, shutdown, or system abort.
If the firewall does not stop forwarding traffic or maintain the configured security policies upon the failure of system initialization, shutdown, or system abort, this is a finding."
------------------------------------------------------------------------------------------------------------------------------------
I have not been able to find any information about the traffic flow during a reboot, or system failure for the system I am using.
What is the best location to find answers on these types of topics? In the past, if I cannot find documentation on a particular subject required for a STIG, I end up opening a ticket. It seems like that is a lot of overhead for something a lot of people need to do.
You can ask here and we'll do our best to answer.
By default, the system will not forward traffic when powered on, and won't until the software is up, at which point IP forwarding is enabled and the last installed security policy is activated.
The management is checked first to see if this policy has changed.
If the policy is the same or the management is not available for some reason, the gateway will attempt to load the last installed security policy from the local cache.
If all else fails, a DefaultFilter is loaded, which blocks all but management traffic and disables IP forwarding.
Should the software in the gateway fail, it "fails closed" (won't forward any traffic).
Some of this is in the formal documentation: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Gui...
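The startup sequence described in this reply (management check, local-cache fallback, DefaultFilter as the last resort), modelled as an added illustration that is not Check Point code. The management port set, the scenario flags and the packet-check helper are assumptions made for the model; the invariant it checks is the one the STIG asks about: no boot path forwards transit traffic without a real policy loaded.

```python
"""Model of the gateway boot-time policy fallback chain. Added illustration, not Check Point code;
the management port list and scenario flags are assumptions."""
from dataclasses import dataclass
from enum import Enum


class PolicySource(Enum):
    MANAGEMENT = "management"         # fresh policy fetched from the management server
    LOCAL_CACHE = "local cache"       # last installed policy kept on the gateway
    DEFAULT_FILTER = "DefaultFilter"  # built-in fallback: management traffic only
    NONE = "none"                     # software not up yet: nothing passes at all


# Assumed management-plane ports a DefaultFilter would admit (illustrative, not the real list).
MANAGEMENT_PORTS = {22, 443, 257, 18190, 18191, 18192, 18210, 18211}


@dataclass
class GatewayState:
    source: PolicySource
    ip_forwarding: bool

    def permits(self, dst_port: int, to_gateway: bool) -> bool:
        """Would a packet pass in this state? Transit traffic needs IP forwarding and a real
        policy; traffic addressed to the gateway itself passes under DefaultFilter only on
        management ports (assumption: a loaded policy allows management access)."""
        if self.source is PolicySource.NONE:
            return False
        if self.source is PolicySource.DEFAULT_FILTER:
            return to_gateway and dst_port in MANAGEMENT_PORTS
        return True if to_gateway else self.ip_forwarding


def boot(management_reachable: bool, policy_changed: bool, local_cache_ok: bool) -> GatewayState:
    """Walk the fallback chain: management first, then the local cache, then DefaultFilter.
    Every failure path ends with IP forwarding disabled (fail closed)."""
    if management_reachable and policy_changed:
        return GatewayState(PolicySource.MANAGEMENT, ip_forwarding=True)
    # Policy unchanged, or management unreachable: reuse the last installed policy.
    if local_cache_ok:
        return GatewayState(PolicySource.LOCAL_CACHE, ip_forwarding=True)
    return GatewayState(PolicySource.DEFAULT_FILTER, ip_forwarding=False)


def fails_closed() -> bool:
    """Auditor's invariant: across all boot conditions, transit traffic is forwarded only
    when a real policy (management or local cache) is loaded."""
    for mgmt in (True, False):
        for changed in (True, False):
            for cache in (True, False):
                state = boot(mgmt, changed, cache)
                if state.permits(80, to_gateway=False) and state.source not in (
                    PolicySource.MANAGEMENT, PolicySource.LOCAL_CACHE):
                    return False
    # Before the software is up, nothing passes, not even management traffic.
    return not GatewayState(PolicySource.NONE, False).permits(22, to_gateway=True)
```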
Thank you PhoneBoy!!!
Any chance the "Fail-Closed" behavior is documented in a released, publicly available document? I will need to point to the document that shows this for my STIG.
...and thank you for the link to this forum. I will be checking it out all day.
Not sure we directly address the "fail closed" issue.
However, if we failed open, we would not offer (as an option) fail-open NICs, which are described here: https://support.checkpoint.com/results/sk/sk87621