This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chris_Prescott
Explorer
‎2018-06-21 04:34 AM

Why is port 80 and 443 still open to the internet?

We have a mobile access blade activated in our firewall but have disabled it via the GUI interface; however we can still see that port 80 and 443 are open to the internet.  We can see via tracker that it is an implied rule that is accepting traffic on 80 and 443 but cannot see which implied rule is allowing it.

Does anyone have any ideas?

6 Replies
Praphulla
Explorer
‎2020-04-20 06:44 AM
In response to PhoneBoy

Hello ,

 

Even after making changes anyone from internet can telnet on 443 and 80 .

Due to this many vulnerabilities are coming from security team.

Does we have any fixed solution on this ? 

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-04-20 07:49 AM
In response to Praphulla

If you set it to internal interface and still have the issue, i would contact TAC to get it resolved!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Vladimir
Champion
Champion
‎2021-02-10 08:50 PM
In response to Praphulla

sk165937 should help.

For HTTP redirects in particular, see the very bottom of the SK.

0 Kudos
ham2065
Explorer
‎2022-09-20 10:09 PM
In response to Vladimir

Hi 

I have this issue as well (http/https open on external interface gateways). We used to use Mobile Access but I disabled the Mobile Access blade about a year ago and afaik have no use any Multi Portal functions on the external interface. 

I found this article sk155512 

How to determine which portal is causing MultiPortal to respond on external interface

Is this relevant in this case? The article states - "MultiPortal creates an implied rule and accepts traffic on port 443 or port 80 if a portal is set to be accessible from All Interfaces. This setting might persist even if the blade was later disabled. This can be changed in the following manner:"

The article is very vague with instruction such as - 5. Change the setting accordingly. I tried to follow the article along in GuiDBedit but could not work out what to do. 

A while back I opened a support ticket with Checkpoint but got nowhere with it. 

0 Kudos
ldiaz0891
Explorer
‎2023-05-22 09:49 PM

El tráfico 443 es utilizado por el software Check Point para varias cosas, puede ver los usos en sk52421. Si bien 443 está permitido, no es explotable, sin embargo, deshabilitar 443 podría causar que ciertas cosas se rompan, como la VPN de acceso remoto y los portales de Check Point. Si bien no se recomienda hacer esto porque romperá ciertas funciones, puede deshabilitar la conectividad a 443 usando sk165937. El sk proporciona dos métodos, el primero en 'Para deshabilitar la conexión a Security Gateway en el puerto TCP 80 y en el puerto TCP 443' y el método alternativo para crear una regla SAM que bloquea el tráfico 443.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events