AnsweredAssumed Answered

Exclude CPM traffic from implied rules

Question asked by William Garner Employee on Jul 2, 2017
Latest reply on Feb 15, 2018 by 257658b7-4137-449e-8a0a-0baf97f9f08c

I need the ability to manage a remote R80.10 SmartCenter that is on the other side of a Check Point R80.10 GW. The two locations are connected via a site to site VPN. CPM traffic from remote SmartConsole client R80.10 is sent in the clear to R80.10 SmartCenter because of implied rules instead of being encrypted by the site to site VPN.

 

SK105719 describes the procedure in earlier versions by removing CPMI from the implied rules but does not reference CPM. I have verified that turning off all implied rules in global properties will fix the problem but I only want to remove CPM (tcp 19009) and CPMI (tcp 18190).

 

Thanks!

Outcomes