Juan_Carlos
Nickel

Re: R80.x Ports Used for Communication by Various Check Point Modules

No. Security Management Server also needs TCP8211 to connect to log server.

This is not explained in sk52421, but this is what I noticed on my R80.10 management platform :). If I remember, if TCP8211 is not open, then SmartLog (on the management server) cannot browse logs stored on the log server.

Re: R80.x Ports Used for Communication by Various Check Point Modules

👍


Re: R80.x Ports Used for Communication by Various Check Point Modules

OK, thx. I'll add the port to the next drawing.

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

I'll add the authentication ports to the next drawing.

Regards,

Heiko

Juan_Carlos
Nickel

Re: R80.x Ports Used for Communication by Various Check Point Modules

You're welcome

Maybe you could propose your drawing to R&D ^^

Re: R80.x Ports Used for Communication by Various Check Point Modules

:)

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Hugu,

I have added the following services:

- Radius

- TACACS

- RSA ACE

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Maybe you can consolidate the 2 RADIUS servers 😉

Re: R80.x Ports Used for Communication by Various Check Point Modules

Nice drawing.

Can you include the communication for an external log server?

Re: R80.x Ports Used for Communication by Various Check Point Modules

As a next step I added client authentication ports 900 and 259.

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Why is the arrow for FW1 in the left part of Smart Center pale grey? Because it is for old software only, I suppose. Maybe it would be a good thing to delete it altogether, as version 4 is way out of support. Or is your intent to include all known ports which are visible in services?

I saw one version with a legend for the drawing, with explanations of why the colors of the arrows are different. I think it would be better to have it on the drawing. Does it add too many tricky situations? But then why are there different colors of arrows? :)

Re: R80.x Ports Used for Communication by Various Check Point Modules

- add 900, 259 Client-Auth

- deleted old 4.0 ports :)

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Add Mobile Access Blade Ports.
Thanks in advance!

Re: R80.x Ports Used for Communication by Various Check Point Modules

Version 1.1e:

- add OPSEC
- delete R55 ports

Regards,

Heiko

Iain_Keir1
Nickel

Re: R80.x Ports Used for Communication by Various Check Point Modules

This is awesome, really well presented. Thanks!

Iain
CISSP
JozkoMrkvicka
Platinum

Re: R80.x Ports Used for Communication by Various Check Point Modules

udp_1645 is also radius authentication (both GW and SC)

syslog udp_514 (both GW and SC)

snmp udp_161 snmp monitoring (both GW and SC)

snmp-trap udp_162 snmp-trap (both GW and SC)

What is "IA" inside GW and DashBoard?

Kind regards,
Jozko Mrkvicka
Ivo_Marques
Nickel

Re: R80.x Ports Used for Communication by Various Check Point Modules

Identity Awareness


Re: R80.x Ports Used for Communication by Various Check Point Modules

I'll add syslog, SMTP and snmp in the next version.

thx,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

It's very helpful! 

Re: R80.x Ports Used for Communication by Various Check Point Modules

I really like the overview.

Can you add end point communication ports?

JozkoMrkvicka
Platinum

Re: R80.x Ports Used for Communication by Various Check Point Modules

There is also ICMP ping between members of cluster for lowest / highest VLAN checking.

What about DHCP? udp_67, udp_68? Communication for DHCP server / client.

In case backups from GW or SC are set, relevant ports are ftp, ssh (scp), tftp towards backup server / management.

Access to GUI DashBoard is done via CPMI and access to CMA / SMS via GuiDBedit is done via tcp_18190. (Maybe you can add a PC at the very left; it will represent the end user PC with SmartConsole installed.)

Not sure if IGMP is relevant here, but this is also passing between GW nodes.

PS: The legend field (in purple) at the bottom of the drawing is not visible at all. Looks like it is just a picture inserted?

Kind regards,
Jozko Mrkvicka

Re: R80.x Ports Used for Communication by Various Check Point Modules

It's done.

Regards,

Heiko

-_-2
Ivory

Re: R80.x Ports Used for Communication by Various Check Point Modules

Routing ports are also good e.g. for BGP, OSPF, RIP,...

Re: R80.x Ports Used for Communication by Various Check Point Modules

Heiko Ankenbrand, here are my suggestions on design and block placement. You can take any ideas from it that you like. I can also provide my Visio file to you.

It's a draft version, so there might be some mistakes in it compared to Heiko's original. And I might have misinterpreted some ideas of communications there.

Admin
Admin

Re: R80.x Ports Used for Communication by Various Check Point Modules

Great effort by the community in generating this diagram, I must say.

However, I have one small correction to offer.

In R77.30 and earlier, SmartConsole actually queries AD directly when creating access roles.

In R80+, this is not the case.

Source for this is the following SK: No items are found when using user selection in access roles 

I might also suggest documenting the "source SKs" for the information in the diagram as well.

Employee+
Employee+

Re: R80.x Ports Used for Communication by Various Check Point Modules

Suggest to add snmp/ntp versions, syslog and netflow.

Employee+
Employee+

Re: R80.x Ports Used for Communication by Various Check Point Modules

Great initiative indeed!

Good to see such work in the community!

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Michel,

In the original version I already have snmp, ntp and syslog:

v1.1g - bug fix - add mail smtp -add dhcp - add snmp 25.03.2018

Thanks for the tip with netflow. I'll add it to the next version.

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Michel,

I have added netflow.

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Aleksei,

I have changed the design to blue/grey in version 1.3. :)

Regards,

Heiko