Try this instead:

http://xx.xx.xx.xx:18264

Perhaps someone can chime in as to why the ICA needs to be available to "source-any" at all. I assumed it was so that certificate authentication could be performed before setting up a VPN, but maybe that's a bad assumption.

Ray

From: Cheong Ket Vin <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Subject: Re: [FW-1] Closing port 18264
Date: Fri, 3 Jun 2005 10:40:44 +0800

Hi List,


One of the concerns with this issue is that this port leaks information,
telling others it is a Check Point firewall.

        # telnet xx.xx.xx.xx 18264
        Trying xx.xx.xx.xx...
        Connected to xx.xx.xx.xx.
        Escape character is '^]'.
        ?
        HTTP/1.0 400 Bad Request
        Date: Fri, 03 Jun 2005 10:43:03 GMT
        Server: Check Point SVN foundation/NG FP2
        Content-Type: text/html
        Connection: close

It is necessary for the port to be open. So what I should look for is a
way to tune the webserver not to return the Check Point server header.

I think it is not recommended by Check Point to manually tweak the Nokia
webserver conf file, but has anyone of you played with that before?


Thanks




On Friday 03 June 2005 04:13 am, Ray wrote:
> Disable the control & remote access connection implied rules and manually
> create just the rules you need with the appropriate source and destination.
> Be in for some pain, though, and make sure you go through the SK
> knowledgebase looking for many articles on how to do this properly.
>
> Ray
>
> >From: Cheong Ket Vin <[EMAIL PROTECTED]>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><[email protected]>
> >To: [email protected]
> >Subject: [FW-1] Closing port 18264
> >Date: Thu, 2 Jun 2005 18:05:09 +0800
> >
> >Hi list,
> >
> >
> >We ran a penetration test lately on Check Point FP3 running on a Nokia IP350
> >box and found that port 18264 is currently open.
> >
> >I knew that 18264/tcp is FW1_ica_services for the Check Point Internal CA to
> >fetch CRLs and User Registration Services. But is there any way to shut down
> >that port on the interface facing the internet?
> >
> >
> >Thanks
> >
> >********************* Confidentiality Notice **************************
> >This message contains confidential information and is intended only for
> >the individual named.  If you are not the named addressee you should
> >not disseminate, distribute or copy this e-mail.  Please notify the
> >sender immediately by e-mail if you have received this e-mail by
> >mistake and delete this e-mail from your system.
> >*****************************************************************
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to [EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[EMAIL PROTECTED]
> >=================================================
>

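A defender-side check for the disclosure this thread is about, added here as an example and not part of any message in the thread or of Check Point's software. It parses an HTTP response head, reports whether the Server header names the product and a version, and can optionally fetch the head from a host:port after a rule or config change to confirm the header is gone. The sample responses are constructed (the first mirrors the telnet output quoted above); the port default, the HEAD request and the "hardened" reply shape are assumptions.

```python
import socket

# Constructed sample: the reply shown in the thread's telnet session, not a live capture.
SAMPLE_RESPONSE = (
    b"HTTP/1.0 400 Bad Request\r\n"
    b"Date: Fri, 03 Jun 2005 10:43:03 GMT\r\n"
    b"Server: Check Point SVN foundation/NG FP2\r\n"
    b"Content-Type: text/html\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)

# Constructed sample of what a hardened listener might return: no Server header at all.
HARDENED_RESPONSE = b"HTTP/1.0 400 Bad Request\r\nConnection: close\r\n\r\n"


def parse_head(raw: bytes) -> dict:
    """Split an HTTP response into its status line and headers (names lowercased).

    Tolerates bare LF line endings and a missing blank line after the headers.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].split(b"\n\n", 1)[0]
    lines = [ln.rstrip(b"\r").decode("latin-1") for ln in head.split(b"\n")]
    parsed = {"status": lines[0] if lines else ""}
    for line in lines[1:]:
        if ":" not in line:
            continue  # not a header line; ignore it
        name, value = line.split(":", 1)
        parsed[name.strip().lower()] = value.strip()
    return parsed


def disclosure(raw: bytes) -> dict:
    """Report what the Server header gives away about the listener."""
    server = parse_head(raw).get("server", "")
    return {
        "server": server,
        "reveals_product": "check point" in server.lower(),
        # Heuristic: the vendor/version convention, e.g. "... foundation/NG FP2".
        "reveals_version": "/" in server,
    }


def is_hardened(raw: bytes) -> bool:
    """True when the response no longer names the product or a version."""
    d = disclosure(raw)
    return not (d["reveals_product"] or d["reveals_version"])


def grab_head(host: str, port: int = 18264, timeout: float = 5.0) -> bytes:
    """Fetch the response head from host:port with a minimal HEAD request.

    Assumption: a HEAD request provokes the same kind of reply as the '?' typed
    into telnet in the thread. Run this from the outside interface after a
    change to confirm the header is gone.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        chunks = []
        while True:
            try:
                data = sock.recv(4096)
            except socket.timeout:
                break
            if not data:
                break
            chunks.append(data)
            if b"\r\n\r\n" in b"".join(chunks):
                break  # head complete; no need to wait for a body
    return b"".join(chunks)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples only.
    for label, resp in (("thread sample", SAMPLE_RESPONSE),
                        ("hardened sample", HARDENED_RESPONSE)):
        print(label, disclosure(resp), "hardened:", is_hardened(resp))
```

To check a live box, call `grab_head("your.firewall.ip")` from a host on the outside and pass the bytes to `is_hardened()`; a `ConnectionRefusedError` or timeout after the implied-rule change means the port itself is no longer reachable from that source, which is the stronger result.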
