LostBoY
Advisor

Port Requirement - Management Server and Gateways

Hello,

What is the exact port requirement between a Management Server and the Gateways/Clusters?

My Mgmt Server and GWs are in different networks, so I need to open ports for communication.

Thanks

 

0 Kudos
2 Solutions

Accepted Solutions
masher
Employee
Employee

Check Point has implied rules which usually allow communications between management and gateways.

sk115600 shows how to view the implied rules in order to see specific management <-> gateway firewall rules.

sk52421 includes all of the ports used by Check Point's software.

 

8 Replies

Wolfgang
Authority
Authority

Just have a look at @HeikoAnkenbrand's really nice paintings.

R80-x-Ports-Used-for-Communication-by-Various-Check-Point 

Wolfgang

LostBoY
Advisor
Thanks. gr8 link
0 Kudos
LostBoY
Advisor
Thanks for the reply... Are implied rules automatically applied even when the Mgmt Server and Firewalls are in different networks? Or do I have to allow these manually in the policy?
0 Kudos
Wolfgang
Authority
Authority

Yes, the implied rules for the control connections are using the main IP address of the gateway and management objects.

Wolfgang

Shira
Participant

I am in the same situation. I need to allow the traffic in my internal firewall; for this I need details of the ports which need to be open between the mgmt server and the firewall.

 

If you have made the list, please share the list.

WR

0 Kudos
PhoneBoy
Admin
Admin

This question is definitely answered by the links provided in this thread (which I've marked as "Solutions"). 

0 Kudos
Don_Paterson
Advisor
Advisor

Pay close attention to the default implied rules in sk115600 and you must account for all the relevant IP addresses of your Check Point assets on the third party firewall. 

The TCP 18209, 18210 and 18211 ports are important for automated SIC certificate renewal (and manual SIC trust establishment when relevant).

The automatic certificate renewal is done at 75% of the 5-year SIC certificate life, if I remember correctly, so it's not an everyday port but every few years.

0 Kudos
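Added example, not part of the thread: a Python check an administrator could run from a host on one side of the third-party firewall to confirm that the three SIC-related TCP ports named above are actually passed to the other side. The function names and the open/closed/filtered labels are assumptions of this example; the thread does not say which side initiates each connection, so take the direction from sk52421.

```python
import socket
import sys

# TCP ports named in the thread for SIC certificate renewal / trust establishment.
SIC_PORTS = (18209, 18210, 18211)


def probe(host, port, timeout=3.0):
    """Classify one TCP port (labels are this example's own convention).

    open       - handshake completed, a service is listening
    closed     - peer answered with RST: the path is permitted, nothing listens
    filtered   - no answer or unreachable: typical of a firewall drop on the path
    unresolved - the host name could not be resolved
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        return "unresolved"
    except OSError:  # includes timeouts and ICMP unreachable errors
        return "filtered"
    finally:
        sock.close()


def check_path(host, ports=SIC_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def blocked(results):
    """Ports that look dropped in transit, i.e. candidates for a missing rule."""
    return sorted(p for p, state in results.items() if state == "filtered")


if __name__ == "__main__":
    target = sys.argv[1]  # main IP address of the peer Check Point object
    results = check_path(target)
    for port, state in sorted(results.items()):
        print(f"{target}:{port}/tcp {state}")
    sys.exit(1 if blocked(results) else 0)
```

A `closed` result still shows the intermediate firewall passed the packet, while `filtered` points at a rule that is missing for that address pair. Repeat the check for every relevant IP address of the Check Point assets, as the post above advises.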
