
Re: R80.x Ports Used for Communication by Various Check Point Modules

Heiko, It seems the legend (lower left corner) on v1.4b is partly hidden.

Re: R80.x Ports Used for Communication by Various Check Point Modules

THX, It was a problem with my PDF printer. Therefore, the legend was not displayed correctly. I fixed the issue. Should be okay now.

Regards,

Heiko

Vladimir
Pearl

Re: R80.x Ports Used for Communication by Various Check Point Modules

Heiko, the version of the attachment is still Ports_1.4d.pdf.

I think that the diagram in its present form is great as an overall reference map.

If you are interested and can share the Visio source file, I can try to convert it into a web page with layer toggle options.

This way, everyone will be able to enable the components their infrastructure is actually using as well as versions.

I am also not certain how to represent it, but it will be useful to mark user-configurable ports (WebUI, portal, LEA, etc.) and to give users the ability to change the corresponding notation on the diagram.

Thank you for your ongoing efforts!

Vladimir

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Vladimir,

You're right about the ports. GUI, LEA,... are ports that the user can change. But I have always used the default ports. For example, if the user changes the GUI port from 443 to xyz, he must use his setting.

Can you please accept me as a follower? Then I can write you a message about sharing the Visio source file.

THX

Heiko

Vladimir
Pearl

Re: R80.x Ports Used for Communication by Various Check Point Modules

Done

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hello,

this map is useful but I am missing some communication:

What is the connection flow from the SmartConsole (SmartLog, SmartView Tracker, SmartDashboard, SmartUpdate) when I connect to an MDM and an MLM?

What is the communication flow if I connect from my PC's SmartDomain Manager "SmartLog" to the MDM and then select different Domains on an MLM? Is the connection then directly from my PC to the MLM or still to the MDM?

Thanks for updating the sheet!

Regards

Alex

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Alex,

the simplest things are usually forgotten. I integrated SmartLog and SmartView into the next version 1.4e.

What I don't want to include in the drawing are loopback ports to the 127.0.0.1 interface.

I haven't found any other ports for MDM and I don't know any (Ports used by Check Point software):

regards
Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Is added.

regards
Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Heiko,

thanks for updating the PDF.

I don't want to have loopback communication in this picture, but perhaps communication of additional appliance types like MLM and NGSE.

Further, what about "SyncXL" on 64K appliances and other chassis (internal) communication?

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Alexander,

I also often work on 61k/64k systems! Are you sure we should take this on board?

I think it's so special we can skip it.

Should have to include chassis <> chassis communication here. I don't have enough space on the A3 paper:-)

I'd like to leave it out. But if you want to have it, please enter a comment. Then I'll draw it in.

thx and regards

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

blue is better

Will_Lai
Ivory

Re: R80.x Ports Used for Communication by Various Check Point Modules

Thanks for your diagram, you did me a big favor.

Re: R80.x Ports Used for Communication by Various Check Point Modules

Just thinking. Shouldn't GAIA fall back to TCP/53 if the queries result in a large response? (Large being over 512 bytes.)

Re: R80.x Ports Used for Communication by Various Check Point Modules

I found something missing:

For authentication to the management server (SmartConsole/Dashboard or Gaia WebUI), the connection from the SMS to the services is needed (e.g. RADIUS, TACACS, RSA).

And I have another set of ports for this documentation, if you want to include it: Required open TCP ports for LOM card functionality 

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi, Norbert,

thank you. I'll add the ports. The problem at the moment is that I have no place on the drawing. I will change it from A3 to A2. Then I'll add the ports.

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Maybe another idea would be to split the one drawing into a small number of drawings, each of which includes parts of it.

E.g. it would be possible to make one for OS parts like SSH, WebUI, SNMP, DNS, updates, auth (RADIUS, TACACS), routing (OSPF, RIP, ...) and so on, and one for GW/Management ports. Or even split this part up into one for management stuff and one for gateway...

Re: R80.x Ports Used for Communication by Various Check Point Modules

It's a good idea. I must see how I do it! A2 format or two drawings.

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Use A2 and add all ports in one picture.

Re: R80.x Ports Used for Communication by Various Check Point Modules

Nice Job!


Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi,

Could you add LOM ports?

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Christian,

I will do this in the next version.

Regards

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

I will add LOM ports in the next version.

THX

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Heiko,

First of all, great stuff sharing this kind of information with the public! I would like to add another request to the new version.

When using ClusterXL, upon a full sync TCP port 256 is used to synchronize the state tables between cluster members. This is handled by the kernel / fwd daemon.

Kind regards,

Jelle Hazenberg

JozkoMrkvicka
Platinum

Re: R80.x Ports Used for Communication by Various Check Point Modules

Backups on GWs and MGMTs can be done via FTP, SCP or TFTP.

Kind regards,
Jozko Mrkvicka

Re: R80.x Ports Used for Communication by Various Check Point Modules

I will add this in the next version.

THX

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Jelle,

I will add port 256 TCP for ClusterXL full sync in the next version.

THX

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Is added.

 

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Is added.

 

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi, Heiko! That's great work!

But you probably missed udp_259 between gateways. It's Check Point VPN-1 FWZ Key Negotiations (Reliable Datagram Protocol), which is used for sending and receiving VPN probes.

Petr_Hantak
Silver

Re: R80.x Ports Used for Communication by Various Check Point Modules

This is a really great job! Thank you for it, and I'm glad that it is still being updated. A written document is one thing, but the relations in the picture are great.