Great stuff!

Thank you for the diagram. It will be helpful.

Maybe you can complement with the connections that are used to update services or signatures, like IPS is the SmartDashboard that goes online if it's a manual update, the application control is the smart center, etc, etc. 

Regards,

Ivo

Nicely done!

I think it's great.

Maybe you can get a bigger overview with more balades. I think that's very helpful.

I have released a new version 0.9 with the following features:
- VPN connections
- Secure Client
- Update server Check Point
- Sandblast Appliance
- DNS/NTP

Regards,

Heiko

Found a small bug in my drawing.
NAT-T is UDP 4500

Regards,

Heiko

I have released a new version 0.9b with the following features:

- Identity Awareness

- Smart Reporter + Smart Event + Event Agent

- bug fixed

Regards,

Heiko

You may add Identity Collector in it  sorry about the diagram "quality work"

THX

I will update it in the next version!

Regards,

Heiko

I decided to rename the document.

Hope you don't mind

Identity Collectors is completed!

Is ok!

Awesome!

Hello,

Thanks, usefull diagram for R77. Would be very interesting for R80.XX!

We tried to get such information from the Support for R80.10 after we found out that opening 19009 was mandatory between management servers and log servers (DBsync<->CPM).

As per our Diamond Engineer it seems that R&D think it's not necessary to add the information in sk52421...  

THX for this info.

I checked this port 19009. See Wireshark:

I think this is the database query from the DashBoard to the Management Server.

Check Point KB SK says:

I will add the R80.xx ports in the next version.

Regards,

Heiko

I have added R80 ports.

Regards,

Heiko

Hello Heiko, I know that SmartConsole R80.10 needs TCP19009 to connect to the management server, this is explained in the sk

But what the sk does not explains is that all management servers (including dedicated log servers) need to connect to each other using TCP19009. We noticed that when we noticed CPM packets dropped between our management servers (including dedicated log servers).

By the way thanks for the new diagram

Nice R80 port update!

You can add routing protokolls.

gateway <—-> bgp, ospf, rip,...

I add this in the next version. thx

Hi heiko, such an overview, I have been looking for 10 years 

To be clear, we've had an SK with the this information for years.

Back in my books, I did have a diagram showing some of this.

This is definitely a more complete diagram.

I think Dameon is right about his statement. This information has been available since version 4.0 FW-1 and I have been working with Check Point since version 3.
A very good overview of the ports can also be found in sk52421. This article is available since 12-Aug-2010 and longer.  I have already seen this in version 4.0 at Check Point User Center.

Over the years I have also found many good diagrams in books.

Why do I make a diagram?

I think a picture says more than 1000 words!

Please help us with good ideas to expand the chart.

Thanks in advance.

Regards,

Heiko

A picture like this one is definitely saying much more than words

There is also TCP8211 between management servers and log servers.

Is it me. Or am I missing RADIUS itself? And TACACS can also be used to authenticate.

Do you think you can squeze these into the drawing?

Thx

Port 8211 is from R80 Multi-Domain Security Management Server to the Log Server.

I have not yet drawn up any communication for multi-domain management, vsx and 41/61K SyncXL.

But I'll do that in another drawing.Unfortunately, no more objects fit on an A3 sheet. But it will come!

Regards,

Heiko

A picture like this one is definitely saying much more than words or port lists.