topic Re: Port Requirement - Management Server and Gateways in Cloud Firewall

Port Requirement - Management Server and Gateways

LostBoY — Tue, 02 Jun 2020 12:55:20 GMT

Hello,

What is the exact port requirement between a Management Server and the Gateways/Clusters.

My Mgmt Server and GWs are in different Networks so need to open ports for communication

Thanks

Re: Port Requirement - Management Server and Gateways

masher — Tue, 02 Jun 2020 14:54:06 GMT

Check Point has implied rules which usually allow communications between management and gateways.

sk115600 shows how to view the implied rules in order to see specific management <-> gateway firewall rules.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk115600

sk52421 includes all of the ports used by Check Point's software.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk52421

Re: Port Requirement - Management Server and Gateways

Wolfgang — Tue, 02 Jun 2020 19:26:18 GMT

Just have a look at @HeikoAnkenbrand really nice paintings.

R80-x-Ports-Used-for-Communication-by-Various-Check-Point

Wolfgang

Re: Port Requirement - Management Server and Gateways

LostBoY — Wed, 03 Jun 2020 14:18:01 GMT

Thanks for the reply... are implied rules automatically applied even when Mgmt Server and Firewalls are in different Network ? or do i have to allow these manually in the policy

Re: Port Requirement - Management Server and Gateways

LostBoY — Wed, 03 Jun 2020 14:18:14 GMT

Thanks. gr8 link

Re: Port Requirement - Management Server and Gateways

Wolfgang — Wed, 03 Jun 2020 18:50:33 GMT

Yes, the implied rules for the control connections are using the main IP address of the gateway and management objects.

Wolfgang

Re: Port Requirement - Management Server and Gateways

Shira — Fri, 08 Nov 2024 12:48:04 GMT

I am in same situation. i need to allow the traffic in my internal firewall, for this i need details of ports which needs to be open between mgmt server and the firewall.

if you have made the list, please share the list.

Re: Port Requirement - Management Server and Gateways

PhoneBoy — Fri, 08 Nov 2024 18:05:58 GMT

This question is definitely answered by the links provided in this thread (which I've marked as "Solutions").

Re: Port Requirement - Management Server and Gateways

Don_Paterson — Fri, 08 Nov 2024 18:26:03 GMT

Pay close attention to the default implied rules in sk115600 and you must account for all the relevant IP addresses of your Check Point assets on the third party firewall.

The tcp 18209, 18210 and 18211 ports are important for automated SIC certificate renewal (and manual SIC trust establishment when relevant)

The automatic certificate renewal is done at 75% of the life of the 5 year SIC certificate life, if I remember correctly, so it's not an everyday port but every few years.