C2
Ivory

Re: R80.x Ports Used for Communication by Various Check Point Modules

That's indeed an omission from this otherwise great diagram. Note that tcp 18264 on the management is also accessed by gateways when they check for a CRL (they do this when running certificate-based centrally managed VPN). With default settings and without access to the CRL, VPN connections fail with "invalid certificate".

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

You have written very interesting articles here in the CheckMates forum.

Thank you
Tsvika

0 Kudos
Jodus
Ivory

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hi,

Really useful diagram, one to keep for sure.

I have a question regarding Endpoint Security VPN (formerly SecureClient): when creating the VPN sites, the only way it would work is if I enabled visitor mode on the gateway. All appears to be working fine after creating the sites; however, I only ever see incoming 443 and UDP 4500, and never see IKE over TCP or UDP, or ESP. Is this behaviour right?

I assume the desktop policy downloaded from the policy server now runs over 443 too?

Thanks!

Re: R80.x Ports Used for Communication by Various Check Point Modules

Great job @HeikoAnkenbrand.

Re: R80.x Ports Used for Communication by Various Check Point Modules

Great post!

How about dedicated log server <> GW communication? Does this type of communication need the MGMT<>GW ports, or is a narrower subset enough?

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

nice

0 Kudos
sabil
Iron

Re: R80.x Ports Used for Communication by Various Check Point Modules

great job

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

Hello Heiko!

Great diagram!


Regarding sk119134,
  TCP 18264 should be added between SmartConsole and CPMgmt/MDM

That port allows SmartConsole to download CRLs from Management
and avoids the "CRLs failed to be downloaded"-issue during SmartConsole start.

Ciao Martin

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

New ports updated.

0 Kudos

Re: R80.x Ports Used for Communication by Various Check Point Modules

Old R77.30 ports removed.

0 Kudos