This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
umar7
Contributor
‎2023-01-03 11:53 PM

port 264 queries whether its need or not

We have the following questions regarding FW1_topo traffic.

  1. What is FW1_topo traffic for?
  2. What is the impact to our production environment when a known IOC IP address had established connection with our firewall using FW1_topo service?
  3. Is allowing FW1_topo service by default necessary in our environment?
  4. Can we disable this implied rule?
  5. If yes, how can we disable it? And what is the impact of disabling this implied rule?
0 Kudos
4 Replies
Chris_Atkinson
Employee
Employee
‎2023-01-04 12:03 AM

Is your gateway configured for remote access VPN?

Please refer:

sk60773: [RST, ACK] response to TCP/264

sk132712: Vulnerability scan shows ports 18231 and 264 open under LISTEN mode when using TLS1.0 and TLS1.1 - reference CVE-2000-1201

sk69360: Check Point response to SecuRemote Topology Service Hostname Disclosure

sk62692: Ports used on Security Gateway for SecureClient and Endpoint Security VPN

 

If you have no plans to leverage Check Point remote access disabling this global option may also work for you:

264.png

 

umar7
Contributor
‎2023-01-05 01:48 AM
In response to Chris_Atkinson

hello guys ,

       thanks for the information i will update and if i have any queries regarding this issue . i will update the chat tail.

 

0 Kudos
Blason_R
Advisor
‎2023-01-04 06:43 PM

As suggested by @Chris_Atkinson this is used for fetching the Topology by Remote Access VPN users. if you dont use this feature you can disable it using Implied rules and those are correct sks given by him and if you are following those it should not be a problem.

the_rock
Legend
Legend
‎2023-01-04 07:51 PM

Chris is spot on with those SKs as @Blason_R said.

0 Kudos