Checkpoint Firewall Security

If you have a Checkpoint firewall, make sure to tune some parameters, because it has something called implied rules, sometimes called rule number zero. For example, DNS and DHCP traffic is allowed by default.

To check the implied rules, go to View; in the last tab you will find the implied rules.

 

Which services you should disable depends on the security level you want; below is what I recommend. You can also disable the implied rules and insert regular rules in the firewall instead, so it is not a big deal.

Go to Policy -> Global Properties.

 

Then choose Firewall. This shows the implied rules as below; uncheck the ones marked with an arrow.

 

There are other rules under OSE, which can also be disabled.

 

 

Don't forget to install the new policy after you finish changing the rules; otherwise the changes won't take effect.

 
