Possibly you have implied rules enabled; that's why you will see ports open for SSL extender/WebUI/SSH and many other services. Many of them are Check Point specific and have fingerprints Nessus can identify. You have to carefully review the implied rules, make regular rules to enable the same functionality but limited to your needs, and then disable the implied rules. After that, scan again and you will see that the GW is no longer identified as CP.
On Tue, May 10, 2011 at 2:02 PM, carlopmart <[email protected]> wrote:
> On 05/10/2011 12:49 PM, Alexey Baltacov wrote:
>>
>> Checkpoint VPN is policy based, even in tunnel mode, so you are unable
>> to configure IPSEC settings via the command line on GW.
>> It is also not recommended to encrypt SIC communications, because in
>> case of VPN down or Policy problem you will lose access to the
>> gateway and will be unable to install new policy before unload local
>> Bottom line, in case of any problem with encrypted communications, for
>> any reason, your steps to fix it will be complicated
>>
>> Alexey
>>
>
> Thanks Alexey. I am evaluating pros and cons about encrypting communications
> between SCS and splat gateway using ipsec or another type of encryption.
>
> But doing some scans with nessus and nmap against this splat remote gw, all
> revealed that it is a CheckPoint firewall.
>
> Can I almost change this?? I have installed a default policy with only two
> rules:
>
> a) SCS to GW, allow all ports.
> b) Any to GW, deny all (stealth rule)
>
> I don't have IPS soft blade license.
>
> Thanks.
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

--
Sincerely,
Alexey Baltacov
[email protected] | Tel: +972-504989954
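An added example, not part of the original thread: one way to check the rescan step described in the reply above, by diffing two nmap grepable (`-oG`) outputs taken before and after the implied rules are replaced with explicit ones. The port-to-service table lists well-known Check Point service ports and is an assumption not taken from the thread; the scan lines and the `192.0.2.1` address are constructed samples.

```python
import re

# Well-known Check Point service ports (assumption: not listed in the thread).
CP_PORTS = {
    256: "FW1", 257: "FW1_log", 264: "FW1_topo",
    18190: "CPMI", 18191: "CPD", 18192: "CPD_amon",
    18264: "FW1_ica_services",
}

def open_tcp_ports(grepable):
    """Return the set of open TCP ports found in `nmap -oG` output."""
    ports = set()
    for line in grepable.splitlines():
        # The Ports field runs up to the next tab-separated field or end of line.
        m = re.search(r"\bPorts: (.*?)(?:\t|$)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        for entry in m.group(1).split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                ports.add(int(fields[0]))
    return ports

def compare_scans(before, after):
    """Summarise what changed between two scans of the same gateway."""
    b, a = open_tcp_ports(before), open_tcp_ports(after)
    return {
        "closed": sorted(b - a),
        "newly_open": sorted(a - b),
        # Vendor-specific ports still reachable keep the gateway identifiable.
        "cp_still_open": {p: CP_PORTS[p] for p in sorted(a) if p in CP_PORTS},
    }

# Constructed sample scans: implied rules enabled, then after tightening.
BEFORE = ("Host: 192.0.2.1 ()\tStatus: Up\n"
          "Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, "
          "256/open/tcp//fw1-secureremote///, 264/open/tcp//fw1-topology///, "
          "443/open/tcp//https///, 18264/open/tcp//unknown///"
          "\tIgnored State: filtered (995)\n")
AFTER = ("Host: 192.0.2.1 ()\tStatus: Up\n"
         "Host: 192.0.2.1 ()\tPorts: 264/open/tcp//fw1-topology///"
         "\tIgnored State: filtered (999)\n")

if __name__ == "__main__":
    for key, value in compare_scans(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

A non-empty `cp_still_open` after the policy change means an implied or explicit rule still exposes a vendor-specific service to the scanning host.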
