umar7
Contributor

Port 264 queries: whether it's needed or not

We have the following questions regarding FW1_topo traffic.

  1. What is FW1_topo traffic for?
  2. What is the impact to our production environment when a known IOC IP address had established a connection with our firewall using the FW1_topo service?
  3. Is allowing FW1_topo service by default necessary in our environment?
  4. Can we disable this implied rule?
  5. If yes, how can we disable it? And what is the impact of disabling this implied rule?
0 Kudos
4 Replies
Chris_Atkinson
Employee

Is your gateway configured for remote access VPN?

Please refer to:

sk60773: [RST, ACK] response to TCP/264

sk132712: Vulnerability scan shows ports 18231 and 264 open under LISTEN mode when using TLS1.0 and TLS1.1 - reference CVE-2000-1201

sk69360: Check Point response to SecuRemote Topology Service Hostname Disclosure

sk62692: Ports used on Security Gateway for SecureClient and Endpoint Security VPN

 

If you have no plans to leverage Check Point remote access, disabling this global option may also work for you:

264.png

 

CCSM R77/R80/ELITE
umar7
Contributor

Hello guys,

Thanks for the information. I will update, and if I have any queries regarding this issue, I will update the chat tail.

 

0 Kudos
Blason_R
Leader

As suggested by @Chris_Atkinson, this is used for fetching the topology by Remote Access VPN users. If you don't use this feature, you can disable it using Implied rules. Those are the correct SKs given by him, and if you are following those it should not be a problem.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
the_rock
Legend

Chris is spot on with those SKs as @Blason_R said.

0 Kudos
