This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
net-harry
Collaborator
‎2021-09-17 03:54 AM

Hide-NAT ports

Hi,

We are updating ACLs on our Internet facing routers and would like to restrict inbound traffic to the IP addresses of the hide-NAT entries.

From what I can see in the following URL, hide-NAT uses port 600-1023, 10,000-60,000 and 60,001-65,000.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...


Could someone please confirm if this information is up to date and ideally give more information when/if the low ports (600-1023) and extra ports (60001-65000) are needed?

I would also like to know if these ports are used for both UDP and TCP connections or only for TCP. The main outbound UDP services that we are using are DNS and NTP, plus audio/video.

Please find below a sample ACL for inbound reply traffic for the hide-NAT address (x.x.x.x). Ideally we would like to restrict it further if possible.

permit tcp any host x.x.x.x range 600 1023
permit tcp any host x.x.x.x range 10000 65000
permit udp any host x.x.x.x range 600 1023
permit udp any host x.x.x.x range 10000 65000


We are running R80.20 on the security gateways and R80.40 on the management servers.

Thanks for your help!

Harry

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2021-09-17 10:42 AM

Not sure why this post got flagged for spam.
In general, the port ranges depend on the original source port of the traffic in question.
Ports below 1024 are considered "privileged" ports in Linux and any traffic (TCP/UDP) that has a source port below 1024 will have HIDE NAT apply a source port in that range.
The 60001-65000 ports are used specifically for services/features that are not CoreXL friendly.
This was an issue in legacy versions and it's most not relevant in R80.20 (but could be wrong).

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events