Title: RE: [FW-1] Open ports

Port 80 is not for telnet, but for web access...

I would suggest you turn off 80 but then use 443 (https)

Leave ftp cause you will need it for updates (you can turn it off now, and on when you need it)

Do NOT use telnet (everything is in clear text)
Use SSH instead...

Just set up management station IPs (static of course) that are allowed to access the nokia/checkpoint

With the config that I gave before this will secure it where only you (whoever you give access) can gain access to it...

-Robert Nall
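
Added example, not part of the original message or of any poster's configuration: a simplified first-match model of the rulebase discussed in this thread, comparing the original two rules with a version that admits only management stations to the firewall and drops and logs everything else addressed to it. The firewall and management station addresses are constructed, the rule names are hypothetical, and this is not Check Point's matching engine.

```python
import ipaddress

# Constructed addresses; only the 10.1.1.x LAN comes from the thread.
FW_ADDRS = {"192.0.2.1", "10.1.1.1"}         # firewall Internet and LAN interfaces
MGMT_STATIONS = {"10.1.1.10", "10.1.1.11"}   # static management station IPs
LAN = ipaddress.ip_network("10.1.1.0/24")


def in_lan(ip):
    return ipaddress.ip_address(ip) in LAN


def anything(_ip):
    return True


def to_fw(ip):
    return ip in FW_ADDRS


# Rule: (name, source test, destination test, ports or None for Any, action)
ORIGINAL = [
    ("lan-out", in_lan, anything, None, "accept"),
    ("cleanup", anything, anything, None, "drop"),
]
HARDENED = [
    # SSH and HTTPS to the firewall, from management stations only.
    ("mgmt-access", lambda s: s in MGMT_STATIONS, to_fw, {22, 443}, "accept"),
    # Any -> FW-Module -> Any -> Drop -> Log, placed above the LAN rule.
    ("protect-fw", anything, to_fw, None, "drop+log"),
] + ORIGINAL


def evaluate(src, dst, port, rulebase=HARDENED):
    """Return (rule name, action) of the first rule that matches."""
    for name, src_ok, dst_ok, ports, action in rulebase:
        if src_ok(src) and dst_ok(dst) and (ports is None or port in ports):
            return name, action
    return "implicit", "drop"


if __name__ == "__main__":
    cases = [
        ("10.1.1.50", "10.1.1.1", 23),      # ordinary LAN host, telnet to firewall
        ("10.1.1.10", "10.1.1.1", 22),      # management station, SSH to firewall
        ("198.51.100.7", "192.0.2.1", 80),  # Internet host, port 80 on firewall
    ]
    for case in cases:
        print(case, evaluate(*case, rulebase=ORIGINAL), evaluate(*case))
```

Under the original two rules any LAN host matches the LAN rule before the drop rule, so it reaches every service listening on the firewall; the ordering in HARDENED is what confines that access to the management stations.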

-----Original Message-----
From: Hasan, Irfan [mailto:[EMAIL PROTECTED]]
Sent: Sunday, November 17, 2002 9:36 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Open ports


Many thanks for all the response.

I can't turn off Voyager because I need to use it from local network for management.

When I telnet to port 80 or use web browser from internet there is no response but when I use Retina Network scanner it says the port 80 is open.

Is there a way to shut-off port 80 on Internet interface and keep it live on LAN connection???


        -----Original Message-----
        From: Cheth [mailto:[EMAIL PROTECTED]]
        Sent: Sun 11/17/2002 5:52 PM
        To: [EMAIL PROTECTED]
        Cc:
        Subject: Re: [FW-1] Open ports



        Sure....but that wasn't Irfan's point. His point was that the firewall rule
        should be dropping the traffic, but isn't.

        Regards,

        C.


        ----- Original Message -----
        From: "<Aaron Reynolds>" <[EMAIL PROTECTED]>
        To: <[EMAIL PROTECTED]>
        Sent: Friday, November 15, 2002 5:00 PM
        Subject: Re: [FW-1] Open ports


        > You need to go into voyager and turn the stuff off.  The firewall can have
        > services listening, which will then be blocked by the rulebase.  It is best
        > to turn them off in voyager, so you don't accidentally open something up.
        >
        > -Aaron
        >
        > -----Original Message-----
        > From: Carlos Santos [mailto:[EMAIL PROTECTED]]
        > Sent: Friday, November 15, 2002 8:51 AM
        > To: [EMAIL PROTECTED]
        > Subject: Re: [FW-1] Open ports
        > Importance: High
        >
        >
        > It's rather strange you have that, but then again, never worked with a
        > nokia equip so why don't you try a more direct approach like
        >
        > Any -> FW-Module -> Any -> Drop -> Log
        >
        > Hope it helps
        >
        > CS
        >
        > -----Original Message-----
        > From: Mailing list for discussion of Firewall-1
        > [mailto:[EMAIL PROTECTED]] On Behalf Of
        > Hasan, Irfan
        > Sent: Friday, 15 November 2002 15:15
        > To: [EMAIL PROTECTED]
        > Subject: [FW-1] Open ports
        >
        >
        > I'm using Checkpoint NG FP2 on Nokia IP330.
        >
        > I've only two rules in my firewall
        >
        > Source            Destination    Service    Action
        > LAN (10.1.1.x)    Any            Any        Allow
        > Any               Any            Any        Drop
        >
        > I removed all implied rules.
        >
        > But when I scan my firewall Internet connection from Internet,
        >
        >  I found Port 21, 80 and 389 are open.
        >
        > How do I close all these open ports?
        >
        > Hope someone can give me a clue. Thanks... Irfan
        >
        > =================================================
        > To set vacation, Out Of Office, or away messages,
        > send an email to [EMAIL PROTECTED]
        > in the BODY of the email add:
        > set fw-1-mailinglist nomail
        > =================================================
        > To unsubscribe from this mailing list,
        > please see the instructions at
        > http://www.checkpoint.com/services/mailing.html
        > =================================================
        > If you have any questions on how to change your
        > subscription options, email
        > [EMAIL PROTECTED]
        > =================================================
        >
        >
        > _____________________________________________________________________
        >                       INTERNET MAIL FOOTER
        > Privileged or confidential information may be contained in this
        > message. If you are not the addressee indicated in this message, you
        > may not copy or deliver this message to anyone. In such case, you
        > should destroy this message and kindly notify the sender by reply
        > email.
        > ---------------------------------------------------------------------
        >