Thiago Calicchio wrote:
Is it dangerous that port 264 (BGMP) is routing to the Internet... I can identify
it from the Internet... This is right... What's the function of BGMP?

Hi,
port 264/tcp in a Check Point environment is the service FW1_topo for
the download of the topology with SecuRemote or SecureClient. The problem
you mention is one reason why many admins turn off the VPN-1/FireWall-1
control connections in the Properties when not deploying these Clients.
If you turn them off, take care to define the necessary explicit rules,
e.g. accepting GUI-access from PC to Management or the communication between
Management and remote Firewalls. A look in the GUI when selecting "View
implied rules" helps a bit.
If you don't use SecuRemote before Build 4100, in version 4.1/2000
you should deselect "Policy - Properties - Desktop Security - Respond to
Unauthenticated Topology Requests".
If this is turned on and the Control Connections are selected (as is the
default), everybody may download your topology information without any
authentication.
Hope it helps,
best regards,
Matthias
http://www.fw-1.de
--
AERAsec Network Services and Security GmbH
Wagenberger Straße 1
D-85662 Hohenbrunn, Germany
http://www.aerasec.de