https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115693#M16298 <P>Thanks Tim, thats good to know!!</P> Fri, 09 Apr 2021 14:16:04 GMT the_rock 2021-04-09T14:16:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115650#M16287 <P>Hello,</P><P>I need to contact the Tacacs server from the Security Gateway on a custom port instead of the default port(49).<BR />Standard step don't include the option to set the port. There is a way to change the port 49?<BR /><BR /><BR />Regards,</P><P>Charlie</P> Fri, 09 Apr 2021 11:14:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115650#M16287 charlie 2021-04-09T11:14:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115667#M16290 <P>Are you not able to create custom service and then assign a port to it?</P> Fri, 09 Apr 2021 11:11:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115667#M16290 the_rock 2021-04-09T11:11:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115668#M16291 <P>The source it's the Firewall that have a tacacs configured, but for some reason we need to change the port from 49 to a new one.<BR />From Firewall I can set priority, ip and the key, but I need to change the port.</P> Fri, 09 Apr 2021 11:19:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115668#M16291 charlie 2021-04-09T11:19:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115669#M16292 <P>Would you mind share screenshot?</P> Fri, 09 Apr 2021 11:29:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115669#M16292 the_rock 2021-04-09T11:29:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115672#M16293 <P>This is the Checkpoint Tacacs+ server configuration</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Tacacs.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/11320iD14D43ADA7FE077E/image-size/medium?v=v2&amp;px=400" role="button" title="Tacacs.PNG" alt="Tacacs.PNG" /></span></P><P>I hope that there is a conf file where I can change the default port</P> Fri, 09 Apr 2021 11:36:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115672#M16293 charlie 2021-04-09T11:36:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115674#M16294 <P>Ok, got it. Not sure if below link might help, but maybe someone else can chime in. I know you can change ssh port easily from /etc/ssh, but I dont see anything in /etc for tacacs, really sorry mate.</P> <P>&nbsp;</P> <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&amp;eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101573" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&amp;eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk101573</A></P> Fri, 09 Apr 2021 11:54:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115674#M16294 the_rock 2021-04-09T11:54:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115685#M16295 <P>It appears the only way to do this is to hack the tacacs service definitions in the /etc/services file from expert mode; I just tried changing the TACACS port to 149, rebooted and it worked.&nbsp; The /etc/services file is not auto-generated upon Gaia system startup so your changes should stick.&nbsp;</P> <P>However be sure to document this /etc/services file change as it is likely to get overwritten by a version upgrade or even possibly a Jumbo HFA installation.&nbsp; You'll need to manually check that your port change survived after either of these types of operations.</P> Fri, 09 Apr 2021 13:36:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115685#M16295 Timothy_Hall 2021-04-09T13:36:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115689#M16297 <P>Thanks!!!</P><P>I'm going to discuss with the Team If we really need to perform this change or we can avoid<BR /><BR />Regards</P> Fri, 09 Apr 2021 13:40:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115689#M16297 charlie 2021-04-09T13:40:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115693#M16298 <P>Thanks Tim, thats good to know!!</P> Fri, 09 Apr 2021 14:16:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/115693#M16298 the_rock 2021-04-09T14:16:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/137073#M20744 <P>The easyest way to do that is configuring a destination NAT where you should tell the firewall every time the firewall IP try to reach the tacacs IP on port 49 change the destination port to xxxx. We did it on our environment and it works well.</P> Thu, 23 Dec 2021 11:39:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Tacacs-on-different-port/m-p/137073#M20744 KhevynLerroy 2021-12-23T11:39:49Z