Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Artem,
thx, I have added port 259 UDP for link probing.

Best regards

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Nice document.

Re: R80.x Ports Used for Communication by Various Check Point Modules

This is a really great job!

THX

Re: R80.x Ports Used for Communication by Various Check Point Modules

Nice job!

Re: R80.x Ports Used for Communication by Various Check Point Modules

TCP 2010

FIBMGR - Forwarding Information Base Manager - Dynamic Routing Cluster configuration.

FIB Manager connections from / to cluster members on SecurePlatform OS with enabled Dynamic Routing.

From help in SmartDashboard R77.30: 

OSPF - Graceful restart
• Allow connections to port TCP 2010 over the sync network

From sk120355 

The routed process synchronizes OSPF and BGP routes via port 2010.

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Aleksei,

thx, I have added port 2100.

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Very nice overview!

Re: R80.x Ports Used for Communication by Various Check Point Modules

Great work.


Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Heiko,

great diagram - helps a lot.

Looks like TCP port 256 from Mgmt to GW is needed to fetch topology.

Also you may add this SK for reference:

Ports used by Check Point software 

Regards Thomas

Re: R80.x Ports Used for Communication by Various Check Point Modules

I will add port 256 in the next version.

THX

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Thank you

Much better than the sk :)

Re: R80.x Ports Used for Communication by Various Check Point Modules

Port 256 is added.

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hello Heiko,

great picture. May it be possible to add two ports?

TCP/18264 on SmartCenter for fetching the CRL from the ICA (internal CA)

TCP/18265 on SmartCenter for accessing the ICA management Tool. It's very helpful for checking certificates and their expiration dates.

Best regards

Sascha

JozkoMrkvicka
Platinum

Re: R80.x Ports Used for Communication by Various Check Point Modules

Should be 2010, not 2100.

Kind regards,
Jozko Mrkvicka

Re: R80.x Ports Used for Communication by Various Check Point Modules

Thanks for the new diagram.

Re: R80.x Ports Used for Communication by Various Check Point Modules

If you install EndPoint Policy Management, port 443 is no longer in use for GAIA. It will, by default, be moved to port 4434.

Secondary SmartConsole requires access to the port used above for any log tab that is not pointing directly to the SmartLog. (For example your SmartEvent, ....)

This can be a problem if high ports are blocked by default on another firewall.

I am not sure how to parse that information in the diagram you created. (Anyone a suggestion?)

JozkoMrkvicka
Platinum

Re: R80.x Ports Used for Communication by Various Check Point Modules

LOM ports are not in the drawing (was mentioned there as well).

Required open TCP ports for LOM card functionality

Kind regards,
Jozko Mrkvicka

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Jozko

I've been working hard with Check Point on this article R80.x Security Gateway Architecture (Logical Packet Flow) the last few days and nights. That is why I have not reacted here.

Now to the topic:

I have a space problem in the A3 overview and I am converting it to a larger format. Please give me a few more days.

Regards,

Heiko

Re: R80.x Ports Used for Communication by Various Check Point Modules

Also nice overview.

Thanks

Saleme


Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Heiko,

As Jozko said, this should be port TCP/2010 and not TCP/2100. Please correct this to prevent misconfigurations.

Thanks for your great work!


Re: R80.x Ports Used for Communication by Various Check Point Modules

Good job!!!


Re: R80.x Ports Used for Communication by Various Check Point Modules

Great job!

Re: R80.x Ports Used for Communication by Various Check Point Modules

Well done, sir! Thank you for making time to produce, update & share this!

Re: R80.x Ports Used for Communication by Various Check Point Modules

Well done!

Petr_Hantak
Silver

Re: R80.x Ports Used for Communication by Various Check Point Modules

I agree that those should be mentioned, especially TCP/18264 for the first-time connection to the management server on R80. Otherwise you'll get an error "CRLs failed to be downloaded".

Shinn_Ho
Iron

Re: R80.x Ports Used for Communication by Various Check Point Modules

Which ports need to be allowed for the use of the API if there is a firewall in between?

Admin
Admin

Re: R80.x Ports Used for Communication by Various Check Point Modules

The R80.x API runs over port 443.

Sven_Glock
Silver

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Heiko,

maybe I found a missing communication channel.

What about Sandblast Detecting links to malicious files inside e-mails (sk115313)?

This needs communication to the internet. I am sure it is using http. No idea whether it can also use https or not.

Additionally TE appliance needs CPUSE and updates from Check Point, too.

Thanks for your excellent job.

Cheers

Sven

Re: R80.x Ports Used for Communication by Various Check Point Modules

How about including the cluster-admin port between gateways of tcp/1129? I know this tripped me up when first deploying the feature, and it's not an implicit rule.

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi Sven,

It is added in version 1.4o.

Regards,

Heiko