
FWD Listening ports

Hi everyone,

 

Trying to track down some information on this. sk52421 lists the specific ports listed by Check Point services, including FWD. However, when I run "netstat -anp | grep fwd" on a gateway (in this case, running R80.20 with FW and IPS blades running), I get this output:

[Expert@xxxxxxxx:0]# netstat -anp | grep fwd
tcp        0      0 0.0.0.0:45568               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:41472               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:51712               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:45856               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:33120               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:34336               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:256                 0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 127.0.0.1:1024              0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:37217               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:56577               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:65057               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:257                 0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:48386               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:58658               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:62818               0.0.0.0:*                   LISTEN      24580/fwd

 

And on and on. What is the explanation for all the high ports listening on all interfaces?

 

Thanks,
Dave

 

Admin

Re: FWD Listening ports

Connections going through the Security Gateway are sometimes "folded" into these listeners to further process traffic.
If you try and connect to these listeners, you should be disconnected.

Re: FWD Listening ports

Right, on a security gateway fwd is the parent process of all these listeners (sometimes called "security server" processes) and the high ports you see in listening state are used to redirect content for further inspection in process space on the gateway by the security server processes.

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

Re: FWD Listening ports

Thanks everyone, this helps. Of course our security policy would block these connections, but I need to explain this to less technical, 3rd party reviewers and your explanations help.

 

Dave
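
An added example, not part of the thread and not Check Point tooling: a shell function that groups one process's TCP listeners from output like the netstat listing above into loopback-bound, already-documented, and dynamic high ports, which is the breakdown a reviewer can read at a glance. The function names, the class labels and the baseline list "256 257" are assumptions; take the real baseline from sk52421.

```shell
#!/bin/sh
# Added example: group one process's TCP listeners by bind scope so the
# dynamic high ports can be reported separately from documented ones.
# On a gateway: netstat -anp | classify_listeners fwd "256 257"

classify_listeners() {
    proc="$1"       # program name from the PID/Program column, e.g. fwd
    baseline="$2"   # ports already matched to documentation (assumption)
    awk -v proc="$proc" -v baseline="$baseline" '
    BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) known[b[i]] = 1 }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        split($7, owner, "/")               # "24580/fwd" -> pid, name
        if (owner[2] != proc) next          # exact name match, stricter than grep
        k = split($4, addr, ":"); port = addr[k]
        ip = substr($4, 1, length($4) - length(port) - 1)
        if (ip ~ /^127\./ || ip == "::1") cls = "loopback"
        else if (port in known) cls = "baseline"
        else cls = "dynamic"
        count[cls]++
        sep = (ports[cls] == "") ? "" : ","
        ports[cls] = ports[cls] sep port
    }
    END { for (c in count) printf "%s %d %s\n", c, count[c], ports[c] }
    ' | sort
}

# Sample input: the fwd rows are taken from the post, the sshd row is constructed.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:45568               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:41472               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:256                 0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 127.0.0.1:1024              0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:37217               0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:257                 0.0.0.0:*                   LISTEN      24580/fwd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1111/sshd
EOF
}

# Prints one line per class: <class> <count> <ports in input order>
sample_netstat | classify_listeners fwd "256 257"
```

Each output line is a class, a count and the ports in that class; saving the output from successive runs shows whether the dynamic set changes over time.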
