CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 2 of 2

Thread: Broadcast & Noisy traffic rules

  1. 2014-04-03 #1
    CiscoGuy
    CiscoGuy is offline Junior Member
    Join Date
    2014-03-07
    Posts
    7
    Rep Power
    0

    Default Broadcast & Noisy traffic rules

    Hi Peeps



    im trying to define a noisy traffic + broadcast rule within CP 4800 , just to keep the logs little bit manageable. Question is what sort of objects required ? , services i need to specify ? drop or reject


    Thanks

    CiscoGuy
    Reply With Quote Reply With Quote
  2. 2014-04-04 #2
    sdawkiins
    sdawkiins is offline Junior Member
    Join Date
    2014-04-01
    Location
    Bath, UK
    Posts
    11
    Rep Power
    0

    Default Re: Broadcast & Noisy traffic rules

    Hello CiscoGuy!

    I am no expert and do not claim this to be best practice but what I have configured on our firewalls is as follows (these rules are located just above the cleanup).

    Source:any Destination:any Service: ICMP-Requests Action: (Depending on your company policy) Drop/Accept dont log (can enable logging for troubleshooting)
    Source:any Destination:any Service: NBT(predefined) Action: drop, dont log
    Source:any Destination:any Service: Netvault (Backup software that is noisy if you use it) Action: Drop (Ensure you have specific rules above if you use it, otherwise backups will fail), dont log

    Just a few examples from a few of our firewalls.

    Also, if you do not care what traffic is dropped, and are able to enable the logging for troubleshooting you can just not log on your cleanup.

    Even without enabling the logging on the cleanup, providing you are not running SecureXL at the time you can use the following command to see what is being dropped in real time: fw ctl zdebug drop

    Hope this helps.

    Sam
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Very Low Risk Category is allowing IE & Chrome browsers to bypass proceeding rules
    By Bladez in forum Application Control Blade
    Replies: 1
    Last Post: 2012-02-24, 11:06
  2. Inbound traffic doesn't match any of the rules after upgrading so it's dropped?
    By Spacetrucker in forum Installing And Upgrading
    Replies: 13
    Last Post: 2009-12-18, 12:30
  3. QOS Rules Inbound & Outbound
    By soundsfuzzy in forum QoS (Quality of Service) (Formerly FloodGate-1)
    Replies: 0
    Last Post: 2006-09-07, 20:46
  4. Import Rules & Objects
    By Waylander in forum Miscellaneous
    Replies: 3
    Last Post: 2006-09-05, 11:23
  5. Blocking P2P & IM Traffic
    By spootnicks in forum IPS Blade (Formerly SmartDefense)
    Replies: 4
    Last Post: 2006-05-30, 04:33

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules