Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Shahar_Grober
Advisor

SMB inspection

Hi Gurus,

Is there a way to inspect access to specific shares using SMB on R80.10 

is there a resource for SMB as there is a resource for CIFS which allow creating a rule with access only to specific share

from what I have checked, CIFS resource is working with  microsoft-ds service which uses port 445 which is the same as SMB. is this equivalent configuration to SMB inspection?

 

Does anyone know what the performance implication of enabling it on a security policy rule (does it disable SecureXL)?

Can someone point out how to configure it (documentation/SK)? 

0 Kudos
2 Replies
Benoit_Verove
Contributor

Hi,

I've never tried but there is an SK for activating inspection (AV, & TE) on SMB : sk101606

You have to do that with Guibdedit, not in the smart console.

Regards,

Benoit

0 Kudos
Shahar_Grober
Advisor

sk101606  SMB/CIFS traffic by Anti-Virus blade or Threat Emulation blade.

I am talking about restricting access for a specific path 

the topology is:

 APP server on DMZ ----> Check Point R80.10 cluster ----> File Server 

The connection between the APP Server on the DMZ to the file server is via SMB. the App is accessing a specific directory on the file server and pulling files.  

we tested it with CIFS resource but:

1. CIFS Resource doesn't work in R80.10 (sk110519 -  When configuring a rule with CIFS resource, policy enforcement does not work as expected and is denied to access all the permitted CIFS shares. As a result, all CIFS traffic is dropped.PRHF-612,
PMTR-12889, PMTR-17086, PMTR-17087 )

2. CIFS resources disable SecureXL accept templates  

Any other idea on how to restrict SMB access to a specific path on the file server via Check Point gateway will be very helpful

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events