topic Re: SAML on a different port in Firewall and Security Management

SAML on a different port

SWBW_Florian — Wed, 12 Mar 2025 14:09:12 GMT

hi there,

i have an issue while implementing SAML at our checkpoint firewall. due to different usages on our NAT of different IP Adresses for different services i cant use the standard 443 for SAML

our on-premise MFA server is already configured to listen on 1443 instead

NAT is also configured so i can reach the MFA server through mfaweb.com:1443

but i dont know how to configure the SAML Portal at the checkpoints site? I cant edit the port at the SAML Settings

because another service is already listening on the external IP:443 i cant also tranlsate source and destination ports through our NAT, because the NAT wouldnt know if its the service or the SAML

Is there any way to reconfigure the port thats used for the SAML Portal?

Or a way to tweak the NAT?

thanks in advance

Florian

Re: SAML on a different port

the_rock — Thu, 13 Mar 2025 12:22:41 GMT

Hey Florian,

Only place I know is saml portal on the gateway properties in smart console. Would definitely confirm with TAC on this.

Andy

Re: SAML on a different port

SWBW_Florian — Thu, 13 Mar 2025 12:33:25 GMT

Thanks the_rock for your reply.

unfortunately u arent allowed to change the used port here

Re: SAML on a different port

the_rock — Thu, 13 Mar 2025 12:37:34 GMT

Let me test it in R82.

Andy

Re: SAML on a different port

the_rock — Thu, 13 Mar 2025 12:41:18 GMT

You are 100% right, it complains port cant be changed : - (

Can you send a screenshot how you tried nat? Just blur out any sensitive data.

Andy

Re: SAML on a different port

SWBW_Florian — Thu, 13 Mar 2025 12:45:22 GMT

the MFA rule will be the new one for SAML

the RAIDA rule is old but gold, we need it on 443

so i need a way to connect through a different port for saml