Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
D_TK
Collaborator

LOM question

Wondering where most folks put the LOM port for an appliance - private network, publicly reachable but post firewall, or directly on the public network, flat to the firewall?

For years i've been putting mine on the private side, but i can see a ton of value placing them flat to the firewall on the public side.  For instance, at every location the ISP provides me a /29 for the handoff of which i immediately use 4 or the 6 public IPs - their gw, VIP, real-1, real-2.  So i have just enough IPs to place the LOM ports there.  But....are they hardened enough to be in a free fire zone?  Assume i'm using a complex password - any options to harden even more?

Appreciate your feedback.

 

 

 

0 Kudos
3 Replies
the_rock
Legend
Legend

Every customer I know does it on the LAN side, so if we ever need it, it has to be accessed via remote access VPN. In all honesty, in all my years dealing with CP, I had to use it probably 4 times max. Personally, but this is just me, I would not put it on publicly accessible IP address. The reason I say that is simply due to the fact you wont have a need for anyone to access the LOM portal often enough in the first place.

0 Kudos
CE_SE
Employee Employee
Employee

In theory Yes you could put the LOM on an external public IP. You could potential lock it down via other methods of authentication and provide access to only specific IP addresses (your home IP static and/or jump PC within your organization) Though I'm not sure I still would feel comfortable doing that. I much rather have a true out of band solution for all my hardware (router, switches, FWs, etc) 

Here is the LOM guide if you didn't already have it.

https://dl3.checkpoint.com/paid/73/733690c295a61c638b41ebd8ce744428/CP_Smart-1_5_6_7_13_15_16_21_23_...

the_rock
Legend
Legend

Good point @CE_SE 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events