This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dmitriy_K
Explorer
‎2024-07-19 07:56 AM
Jump to solution

Smartview

Hi all!
Please help me solve the problem. I can log into the Smartview Console using my external IP address from anywhere. At the same time, I don’t have a single rule on the gateway that allows this action. I would not like access to Smartview of my gateway to be opened from the Internet. I want this to be possible only from the local network.
How can I block access to Smartview via a public address?
I will be grateful for your help

OS Gaia
Version R81.20 

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend
‎2024-07-19 07:35 PM
Jump to solution

That should be simple to solve...just create a rule that allows ONLY access from trusted IPs/locations/networks and then right below that rule that blocks access to the IP listening for smartview log in page.

Andy

View solution in original post

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2024-07-19 01:12 PM
Jump to solution

The only way this would be possible is if you have a Standalone gateway (i.e. no external management).
This traffic is being accepted on implied rules.
This can be fixed with: https://support.checkpoint.com/results/sk/sk105740 

0 Kudos
Dmitriy_K
Explorer
‎2024-07-21 10:45 PM
In response to PhoneBoy
Jump to solution

Thanks a lot for your hint. Yes, I have a Standalone gateway. The decision was right

0 Kudos
Lesley
Leader Leader
Leader
‎2024-07-19 01:50 PM
Jump to solution

As extra you can make ACL here for SmartConsole access:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/GUI-Cli...

The IP's you put here, only those IP's are allowed to use SmartConsole.

Extra, you can do the same for portal access and SSH: 

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/Host-Ac...

This called host access. It look's similar as GUI client ACL but it is different. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
Dmitriy_K
Explorer
‎2024-07-21 10:46 PM
In response to Lesley
Jump to solution

Your tips helped me. Thank you for sharing your knowledge

0 Kudos
the_rock
Legend
Legend
‎2024-07-19 07:35 PM
Jump to solution

That should be simple to solve...just create a rule that allows ONLY access from trusted IPs/locations/networks and then right below that rule that blocks access to the IP listening for smartview log in page.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-07-19 07:42 PM
Jump to solution

Also, forgot to mention, easiest way to block any subnet/IP via smart console is SAM rule through SV monitor.

 

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/To...

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events