This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Anna_Habenegg
Explorer
‎2018-05-08 02:36 AM

IPS-Blocks between FW Gateways

Hello Check Mates,

The IPS on the border firewalls at our customers site blocks management traffic (mostly port 18264) from other Check Point Gateways. 

The firewalls communicate to the external IP of the border gateway.

See the pictures atteched.

Do you have any idea why this happens?

Best regards Anna

FW-BR_IPS_2.JPG
Preview file
127 KB
FW-BR_IPS_1.JPG
Preview file
149 KB
FW-BR_IPS_3.JPG
Preview file
144 KB
0 Kudos
2 Replies
Mario_Zuker
Employee
Employee
‎2018-05-09 03:39 AM

Hi Anna,

 

On a first look the attached logs look suspicious

The client type in the logs hints the source of these connections is not a CP gateway

The fact that target is port 18264 FW1_ica_services may be significant here

 

TCP port 18264 is the port used for FW1_ica_services 

It is possible to use internal CA certificates for client connections as well as for site-to-site connections with other gateways,  these VPN peers must be given access to the CRL list through FW1_ica_services 


Please send me PM to further discuss this, my email is marioz@checkpoint.com

Best Regards, Mario
marioz@checkpoint.com

Anna_Habenegg
Explorer
‎2018-05-11 03:16 AM
In response to Mario_Zuker

HI Mario,

thanks for the reply!

I will check your reccommendation with the custoemr and give you feedback as soon as I've testet it.

BR Anna

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top