It has been reported that a service pack has been released by Checkpoint to address this problem. For FW-1 4.0, this is SP5. It is available at their website. A suitable solution may be to establish egress filtering. Information can be found on this subject at: http://www.sans.org/y2k/egress.htm Check Point Software Firewall-1 4.0
Check Point FireWall-1 Internal IP Address Exposure
Remote / Network Access
Loss of Confidentiality
Check Point Firewall-1 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the firewall sends packets to a client, it may disclose internal IP addresses resulting in a loss of confidentiality.
Upgrade to version 4.0 SP5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: implement egress filtering on the network perimeter