Hey Guys:
I've have done a vulnerability assessment on both R55 and an NGX (R61)
HA clusters using both Nmap and Nessus. Both tools show that port 80 is open
on the clusters' external VIP. Both nodes in the cluster are SecurePlatform.
When i try to access the external ip address of the cluster using a web
browser i get the following:
FW-1 at <firewall>: Unknown WWW server
When i check my logs, i see the Firewall accepting the request, but it
does not show the rule number allowing it.
Number: 451826
Date: 30Nov2006
Time: 13:44:30
Product: FloodGate-1
Interface:
Origin: <firewall name>
Type: log
Action: accept
Protocol: tcp
Service: http(80)
Source: <my external ip>
Destination: <external cluster vip>
Rule:
Current Rule #:
Rule Name:
Source Port: 52979
I can verfiy that the external ip address of the cluster is not being used
to NAT any http severs to. Why would port 80 be open??? Have any of you guys
come accross this before??? Need some help in explaining this.
Thanks in advance.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
