Re: IPS-Blocks between FW Gateways

Anna_Habenegg · ‎2018-05-08

Hello Check Mates,

The IPS on the border firewalls at our customers site blocks management traffic (mostly port 18264) from other Check Point Gateways.

The firewalls communicate to the external IP of the border gateway.

See the pictures atteched.

Do you have any idea why this happens?

Best regards Anna

Mario_Zuker · ‎2018-05-09

Hi Anna,

On a first look the attached logs look suspicious

The client type in the logs hints the source of these connections is not a CP gateway

The fact that target is port 18264 FW1_ica_services may be significant here

TCP port 18264 is the port used for FW1_ica_services

It is possible to use internal CA certificates for client connections as well as for site-to-site connections with other gateways, these VPN peers must be given access to the CRL list through FW1_ica_services

Please send me PM to further discuss this, my email is marioz@checkpoint.com

Best Regards, Mario
marioz@checkpoint.com

Anna_Habenegg · ‎2018-05-11

HI Mario,

thanks for the reply!

I will check your reccommendation with the custoemr and give you feedback as soon as I've testet it.

BR Anna

Are you a member of CheckMates?

IPS-Blocks between FW Gateways