Check Point Information for VU#446689
Check Point FireWall-1 allows fragmented packets through firewall if Fast Mode is enabled
Not all hosts protected by the firewall are vulnerable; only a specific subset is:
- hosts used in the "Destination" column of a rule utilizing Fastmode, or
- hosts at least one router hop away from the firewall
Also, the hosts must be reachable/routable from the attacker's side of the firewall; i.e., in order for a host to be vulnerable, either no address translation or static (1-to-1) address translation must be used for that host. In a network using RFC 1918 addresses, where all outbound hosts hide behind a single IP address, none of the protected hosts would be vulnerable.
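The two exposure conditions above can be turned into an inventory triage for administrators deciding which hosts to check. This is an added example, not code from CERT/CC or Check Point; the Rule/Host representations and the sample inventory are constructed for illustration and do not reflect FireWall-1's actual rule-base format.

```python
# Added example: defender-side triage of which protected hosts meet the
# exposure conditions stated in the vendor note. The Rule/Host shapes and
# the inventory below are assumptions, not Check Point data structures.
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    destinations: set        # host names in the rule's "Destination" column
    fast_mode: bool = False  # rule uses Fast Mode / Fastmode


@dataclass
class Host:
    name: str
    hops_from_firewall: int  # 0 = directly attached segment, >=1 = behind a router
    nat: str                 # "none", "static" (1-to-1) or "hide" (many-to-one)


def fast_mode_destinations(rules):
    """Hosts named in the Destination column of any Fast Mode rule."""
    out = set()
    for r in rules:
        if r.fast_mode:
            out |= set(r.destinations)
    return out


def is_exposed(host, rules):
    """Condition (a): host is a Fast Mode rule destination OR sits at least one
    router hop behind the firewall. Condition (b): host is routable from the
    outside, i.e. no NAT or static NAT. Hide NAT removes the exposure."""
    bypass_applies = (host.name in fast_mode_destinations(rules)
                      or host.hops_from_firewall >= 1)
    routable = host.nat in ("none", "static")
    return bypass_applies and routable


def triage(hosts, rules):
    """Sorted names of hosts that meet both conditions."""
    return sorted(h.name for h in hosts if is_exposed(h, rules))


# Constructed sample inventory (not a real network)
RULES = [
    Rule("web-in", {"www"}, fast_mode=True),
    Rule("mail-in", {"mx"}, fast_mode=False),
]
HOSTS = [
    Host("www", 0, "static"),  # Fast Mode destination, static NAT -> exposed
    Host("mx", 0, "static"),   # not Fast Mode, directly attached -> not exposed
    Host("db", 2, "none"),     # two hops in, no NAT -> exposed
    Host("pc1", 2, "hide"),    # behind hide NAT, unreachable -> not exposed
]

if __name__ == "__main__":
    print(triage(HOSTS, RULES))  # ['db', 'www']
```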
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.