C2
Ivory

Re: R80.x Ports Used for Communication by Various Check Point Modules

That's indeed an omission from this otherwise great diagram. Note that tcp 18264 on the management is also accessed by gateways when they check for a CRL (they do this when running certificate-based centrally managed VPN). With default settings and without access to the CRL, VPN connections fail with "invalid certificate".

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

You have written very interesting articles here in the CheckMates forum.

Thank you
Tsvika

0 Kudos
Jodus
Ivory

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi,

Really useful diagram, one to keep for sure.

I have a question regarding Endpoint Security VPN (formerly SecureClient). When creating the VPN sites, the only way it would work is if I enabled visitor mode on the gateway. All appears to be working fine after creating the sites; however, I only ever see incoming 443 and UDP 4500, and never see IKE over TCP or UDP, or ESP. Is this behaviour right?

I assume the desktop policy downloaded from the policy server now runs over 443 too?

Thanks!

Re: R80.x Ports Used for Communication by Various Check Point Modules

Great job @HeikoAnkenbrand .

Re: R80.x Ports Used for Communication by Various Check Point Modules

Great post!

How about dedicated log server <> GW communication? Does this type of communication need the MGMT<>GW ports, or is a narrower subset enough?

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

nice

0 Kudos
sabil
Iron

Re: R80.x Ports Used for Communication by Various Check Point Modules

great job

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hello Heiko!

Great diagram!


Regarding sk119134,
  TCP 18264 should be added between SmartConsole and CPMgmt/MDM

That port allows SmartConsole to download CRLs from Management
and avoids the "CRLs failed to be downloaded"-issue during SmartConsole start.

Ciao Martin

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

New ports updated.

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

Old R77.30 ports removed.

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

great job

0 Kudos
R80
Ivory

Re: R80.x Ports Used for Communication by Various Check Point Modules

nice port overview

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

Great!

0 Kudos
ute
Iron

Re: R80.x Ports Used for Communication by Various Check Point Modules

👍

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

+v1.5b port update 26.01.2020

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

I might be missing it, but I believe there is the following port missing from this diagram:

TCP 18264 - FW1_ica_services

When establishing a centrally-managed certificate-authenticated VPN tunnel, the gateways check the CRL over this port in plaintext (since the tunnel is not yet up).

 

Thanks for the awesome diagram!!

Steven.

0 Kudos