2.5.5 Ensure allowed-client is set to those necessary for device management

Information

Permit only the necessary IP addresses to be used to manage the device.

Rationale:

Management access to the device should be restricted to the IP addresses or subnets used by firewall administrators. Permitting management access from other IP addresses increases the risk of unauthorized access through password guessing, stolen credentials, or other means.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Run the following command to remove the IP Address or Network from allowed-client list.
CLI:

Hostname> delete allowed-client host (ipv4-address | ipv6-address) <IP Address>
Hostname> delete allowed-client network (ipv4-address | ipv6-address) <Network>



GUI:

Navigate to System Management > Host Access > Allowed Hosts > Select and Delete the not required IP address or Network

Default Value:

Any

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(11)

Plugin: CheckPoint

Control ID: b765788df04add09ffe61b0f81b4876a228f61192aa2a926d7bfd5b7b09d8601