Thursday, December 27, 2018

Checkpoint FW failing Network Scan Test. Please help with hardening

How do I harden my CP firewall? I have all sorts of ports open that I do not want open and I'm failing the scan test. I have UDP port 500 open, some other ports (18264, 264), and worst of all I'm unable to turn off SSL externally and it supports TLS 1.0.

I have worked with my other firewall and never had an issue like this. I had about 50 ports open, and their TAC had me make a stealth rule. This stealth rule blocked a lot of ports, but this CP still has open ports.

I have never had this issue on my SRX, Palo, Fortinet or ScreenOS. I'm more of a CLI jockey; CP and the way they do things are very counter-intuitive to me.


