Dmitriy_K
Explorer

Smartview

Hi all!
Please help me solve the problem. I can log into the Smartview Console using my external IP address from anywhere. At the same time, I don’t have a single rule on the gateway that allows this action. I would not like access to Smartview of my gateway to be opened from the Internet. I want this to be possible only from the local network.
How can I block access to Smartview via a public address?
I will be grateful for your help.

OS Gaia
Version R81.20 

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend

That should be simple to solve... just create a rule that allows ONLY access from trusted IPs/locations/networks and then, right below that, a rule that blocks access to the IP listening for the SmartView login page.

Andy

0 Kudos
6 Replies
PhoneBoy
Admin

The only way this would be possible is if you have a Standalone gateway (i.e. no external management).
This traffic is being accepted on implied rules.
This can be fixed with: https://support.checkpoint.com/results/sk/sk105740 

0 Kudos
Dmitriy_K
Explorer

Thanks a lot for your hint. Yes, I have a Standalone gateway. The decision was right.

0 Kudos
Lesley
Leader

As an extra, you can make an ACL here for SmartConsole access:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/GUI-Cli...

Only the IPs you put here are allowed to use SmartConsole.

As an extra, you can do the same for portal access and SSH:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/Host-Ac...

This is called host access. It looks similar to the GUI client ACL, but it is different.

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
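
Added example, not part of the original thread: the host access restriction from the post above as Gaia Clish commands. The addresses are constructed placeholders, and the trusted entries are added before `any-host` is removed so the session making the change is not cut off.

```clish
# Show the current allowed clients for Gaia Portal and SSH (host access)
show allowed-client all

# Allow one admin workstation and the local management network
# (192.0.2.10 and 10.1.1.0/24 are constructed placeholder addresses)
add allowed-client host ipv4-address 192.0.2.10
add allowed-client network ipv4-address 10.1.1.0 mask-length 24

# Only now remove the catch-all entry, if present, that lets any address connect
delete allowed-client host any-host

# Confirm the resulting list, then make it persistent across reboots
show allowed-client all
save config
```

This list governs Gaia Portal and SSH only; the GUI clients list for SmartConsole is a separate setting, as the post notes.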
Dmitriy_K
Explorer

Your tips helped me. Thank you for sharing your knowledge

0 Kudos
the_rock
Legend

Also, forgot to mention, the easiest way to block any subnet/IP via SmartConsole is a SAM rule through SV Monitor.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/To...

Andy

0 Kudos
