This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Networks_Team_B
Participant
‎2024-04-18 04:00 AM
Jump to solution

Port 18192

What does Port 18192 do exactly?

I can see traffic every minute from our secondary management server to a few of our gateways (on port 18192)

I can see that they have a 'lost' status, but it doesn't appear to be SIC related. 

Is it something like certain config not being exported/imported properly? 

What can we do to stop this please

Many thanks 

0 Kudos
2 Solutions

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee
‎2024-04-18 04:52 AM
Jump to solution

It is for the CPD AMON (Application Monitoring):

Check Point internal Application Monitoring (AMON) connections between Security Gateway and Management Server / SmartReporter Server / SmartEvent Server (CPD daemon)

 

Ports used by Check Point software:

https://support.checkpoint.com/results/sk/sk52421 

 

So basically used to deliver monitoring information from the remote machines to the Security Management Server. 

Because the Security Gateways are also aware of the Secondary Management Server as a "Management" they try to deliver status information.

View solution in original post

Lesley
Advisor
Advisor
‎2024-04-18 04:56 AM
Jump to solution

Backup management does not run the cpstat_monitor process (only active unit).

As stated in: https://support.checkpoint.com/results/sk/sk35278

This process is used for information in Smartview Monitor, I think that is why you have lost status.

You can test it to make the stand-by unit active and see if then the issue gone.

Regarding the 18192 port this is required to be allowed:

CP 18192 CPD_amon - Check Point Internal Application Monitoring Check Point internal Application Monitoring (AMON) connections between Security Gateway and Management Server / SmartReporter Server / SmartEvent Server (CPD daemon)
-------
If you like this post please give a thumbs up(kudo)! 🙂

View solution in original post

3 Replies
Tal_Paz-Fridman
Employee
Employee
‎2024-04-18 04:52 AM
Jump to solution

It is for the CPD AMON (Application Monitoring):

Check Point internal Application Monitoring (AMON) connections between Security Gateway and Management Server / SmartReporter Server / SmartEvent Server (CPD daemon)

 

Ports used by Check Point software:

https://support.checkpoint.com/results/sk/sk52421 

 

So basically used to deliver monitoring information from the remote machines to the Security Management Server. 

Because the Security Gateways are also aware of the Secondary Management Server as a "Management" they try to deliver status information.

Lesley
Advisor
Advisor
‎2024-04-18 04:56 AM
Jump to solution

Backup management does not run the cpstat_monitor process (only active unit).

As stated in: https://support.checkpoint.com/results/sk/sk35278

This process is used for information in Smartview Monitor, I think that is why you have lost status.

You can test it to make the stand-by unit active and see if then the issue gone.

Regarding the 18192 port this is required to be allowed:

CP 18192 CPD_amon - Check Point Internal Application Monitoring Check Point internal Application Monitoring (AMON) connections between Security Gateway and Management Server / SmartReporter Server / SmartEvent Server (CPD daemon)
-------
If you like this post please give a thumbs up(kudo)! 🙂
the_rock
Legend
Legend
‎2024-04-18 05:30 AM
Jump to solution

You definitely got the right answers. The sk @Tal_Paz-Fridman provided is probably the best reference.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events