Re: [fw-wiz] checkpoint authentication on external interface



I have looked at the implied rules and I do have an explicit rule to
deny all and I don't see anything that would allow this connection.
I even created a rule to block this and put it at the top and still
don't see any changes.

To answer the other emails, Yes, I'm sure I could put an ACL in the
front router to block access, but I was hoping to find a better
solution.

Frank




Hi Frank,
Even if the daemon is listening on the port, you still have to go through
the rulebase to be able to connect.
You should verify if the ports are allowed either in implied or explicit
rules. (try to enable the logs on the implied rules
for a short time to get some logs about the auth).

I recommend to use explicit rules and allow only from explicit sources.

I agree it's better if the daemon accepts connections only on internal IPs,
but for this you have to ask checkpoint how to do.

thanks

Frank
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards




_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards




--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked. — White House Cybersecurity
Advisor, Richard Clarke
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards