CIS Check Point Firewall L2 v1.1.0

Audit Details

Name: CIS Check Point Firewall L2 v1.1.0

Updated: 4/25/2022

Authority: CIS

Plugin: CheckPoint

Revision: 1.4

Estimated Item Count: 18

File Details

Filename: CIS_Check_Point_Firewall_Level_2_v1.1.0.audit

Size: 30 kB

MD5: da1201ddd13dfa1042d35e7bdc2fb1ef
SHA256: 4cbaf6144cc0c9d1a83ff89893bd28a39d3d3a35aa3c75cf40fc46dc61ad98f0

Audit Items

Description / Categories
2.5.5 Ensure allowed-client is set to those necessary for device management

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Enable the Firewall Stealth Rule

SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Configure a Default Drop/Cleanup Rule

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Ensure Hit count is Enable for the rules

SECURITY ASSESSMENT AND AUTHORIZATION

3.5 Ensure no Allow Rule with Any in Destination filed present in the Firewall Rules

CONFIGURATION MANAGEMENT

3.6 Ensure no Allow Rule with Any in Source filed present in the Firewall Rules

CONFIGURATION MANAGEMENT

3.7 Ensure no Allow Rule with Any in Services filed present in the Firewall Rules

CONFIGURATION MANAGEMENT

3.8 Logging should be enable for all Firewall Rules

AUDIT AND ACCOUNTABILITY, SECURITY ASSESSMENT AND AUTHORIZATION

3.9 Review and Log Implied Rules

AUDIT AND ACCOUNTABILITY

3.10 Ensure Drop Out of State TCP Packets is enabled

SECURITY ASSESSMENT AND AUTHORIZATION

3.11 Ensure Drop Out of State ICMP Packets is enabled

SECURITY ASSESSMENT AND AUTHORIZATION

3.12 Ensure Anti-Spoofing is enabled and action is set to Prevent for all Interfaces

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

3.14 Ensure Accept RIP is not enabled

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

3.15 Ensure Accept Domain Name over TCP (Zone Transfer) is not enabled

CONFIGURATION MANAGEMENT

3.16 Ensure Accept Domain Name over UDP (Queries) is not enabled

CONFIGURATION MANAGEMENT

3.17 Ensure Accept ICMP Requests is not enabled

CONFIGURATION MANAGEMENT

3.18 Ensure Allow bi-directional NAT is enabled

CONFIGURATION MANAGEMENT

3.19 Ensure Automatic ARP Configuration NAT is enabled

CONFIGURATION MANAGEMENT