Re: [FW-1] Encrypt all communitcations between remote Security Gateway and local SmartCenter Server

Tue, 10 May 2011 04:37:07 -0700 

yes, CP specific
and all of them should be opened in implied rules.

On Tue, May 10, 2011 at 2:27 PM, carlopmart <carlopm...@gmail.com> wrote:
> On 05/10/2011 01:17 PM, Alexey Baltacov wrote:
>>
>> Possible you have implied rules enabled,
>> that's why you will see ports opened for ssl extender/webui/ssh and
>> many other services.
>> Many of them are checkpoint specific and have fingerprints nessus can
>> identify.
>> You have to carefully review implied rules, make regular rules in
>> order to enable same functionality but limited to your needs and then
>> disable implied rules.
>> After it your scan again and see that GW stop to be identified any more as
>> CP.
>>
>
> Nessus and nmap detects these ports: 256 (tcp), 259 (udp), 4500 (udp), 18191
> (tcp), 18192 (tcp), 18208 (tcp). Except for 4500, all are checkpoint related
> ...
>
> As you an see, ssl extender, webui and ssh are disabled (ssh is allowed only
> for SCS). I am doing these scans from my home workstation ...
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
>



-- 
Sincerely,

Alexey Baltacov
drongt...@gmail.com | Tel: +972-504989954

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

Scanned by Check Point Total Security Gateway.

Reply via email to