Re: Vulnerability scan shows ports 18231 uses weak...

Bachan

Hi Team,

Checkpoint devices showing that weak ciphers are used on port 18231.

Current version on Gateway : R81.20 Take 76.

As per the sk132712 the issue should have been resolved in R81.20 . But we still see this vulnerability in the scan report.

Can you please let us know if there is any other solution to this ?

Attached is the scan report of the same.

Tal_Paz-Fridman

I'll forward this to the relevant R&D owner but the SK details how to disable the Legacy Desktop Policy process.

Do you use Policy Server and Desktop Policy enabled?

"For other versions and Jumbo Hotfixes;
You can disable the daemon completely by editing the implied_rules.def, and removing/commenting the relevant lines:"

PhoneBoy

Have you tried disabling dtpsd as described in the SK?

the_rock

Can you try follow below from the sk?

Andy

You can disable the daemon completely by editing the implied_rules.def, and removing/commenting the relevant lines:

Open the relevant Gateway object properties in SmartDashboard and uncheck the box “Policy Server” under the “IPSec VPN” blade, click OK (Do not push policy) and close the SmartDashboard.
Open ssh / console connection to the Management Server.
Change directory to $FWDIR/lib : (cd $FWDIR/lib)
Note: For the location of the implied_rules.def file on the Management server, refer to sk92281.
Open the implied_rules.def file with vim:

[Expert@HostName:0]# vim implied_rules.def
Comment the following lines:

Before the change:

#define ENABLE_FWD_TOPO

#define ENABLE_FW1_PSLOGON_NG

After the change:

/*#define ENABLE_FWD_TOPO*/

/*#define ENABLE_FW1_PSLOGON_NG*/
Save the modified file.
Install Policy on the relevant gateway.

Are you a member of CheckMates?

Vulnerability scan shows ports 18231 uses weak ciphers