This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nick_Doropoulos
Advisor
‎2020-01-15 09:10 AM
Jump to solution

A question on SIC

Considering that SIC uses certificates can I confirm that there is no keep-alive mechanism involved in the protocol at all (in the sense of the manager sending any keep-alive packets to the gateway at a certain frequency)? 

Please note that this question is purely educational and that there is no issue that needs to be resolved.

Thanks in advance.

1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
‎2020-01-15 02:32 PM
Jump to solution

Here a small picture for "Secure Internal Communication" between Security Management Server and Security Gateway.

Screenshot_20200115-231913_Edge.jpg

SIC is used for the following policy install, get topology,...

More read here: R80.x - Ports Used for Communication by Various Check Point Modules

Check Point components communicate with each other using SIC. SIC is based on SSL with digital Certificates. When a Security Management Server is installed, a Certificate Authority (CA) is created. The CA issues Certificates for all components that need to communicate with one another.

For example, a remote Security Gateway needs a Certificate from the Security Management Server before a Security Policy is installed, or before a license can be attached to the Security Gateway. Whenever any two entities in a site (Security Management Server, Security Gateway) need to communicate, the sic_policy.conf file is referenced.

Communication takes place over the Check Point communication layer. This channel is encrypted in various ways. This layer can be called the SIC layer. The SIC ports used are:

  • Port 18209, which is used for communication between the Security Gateway and the CA for status, to issue, and revoke.
  • Port 18210, which is used to pull certificates from the CA.
  • Port 18211, which is the port used by the cpd daemon on the Security Gateway to receive the Certificate (by clicking "Initialize" in SmartDashboard).
  • Port 18191, which is used for policy install,... ( More read here: R80.x - Policy Installation Flowchart )
  • Port 18192, which is used for get topology,...
  • Other ports...

PS:
There is no keep-alive mechanism involved.

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

4 Replies
Martin_Valenta
Advisor
‎2020-01-15 12:39 PM
Jump to solution

Over SIC it's simply management talking to gateways and pulling/pushing data.
0 Kudos
FraP
Contributor
‎2020-01-15 12:51 PM
Jump to solution

keepalive for what?
this can help you if i get your question fine...

https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_LoggingAndMonitoring_Admi...

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2020-01-15 02:32 PM
Jump to solution

Here a small picture for "Secure Internal Communication" between Security Management Server and Security Gateway.

Screenshot_20200115-231913_Edge.jpg

SIC is used for the following policy install, get topology,...

More read here: R80.x - Ports Used for Communication by Various Check Point Modules

Check Point components communicate with each other using SIC. SIC is based on SSL with digital Certificates. When a Security Management Server is installed, a Certificate Authority (CA) is created. The CA issues Certificates for all components that need to communicate with one another.

For example, a remote Security Gateway needs a Certificate from the Security Management Server before a Security Policy is installed, or before a license can be attached to the Security Gateway. Whenever any two entities in a site (Security Management Server, Security Gateway) need to communicate, the sic_policy.conf file is referenced.

Communication takes place over the Check Point communication layer. This channel is encrypted in various ways. This layer can be called the SIC layer. The SIC ports used are:

  • Port 18209, which is used for communication between the Security Gateway and the CA for status, to issue, and revoke.
  • Port 18210, which is used to pull certificates from the CA.
  • Port 18211, which is the port used by the cpd daemon on the Security Gateway to receive the Certificate (by clicking "Initialize" in SmartDashboard).
  • Port 18191, which is used for policy install,... ( More read here: R80.x - Policy Installation Flowchart )
  • Port 18192, which is used for get topology,...
  • Other ports...

PS:
There is no keep-alive mechanism involved.

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Uchiha_Itachi
Participant
‎2020-04-05 05:33 AM
In response to HeikoAnkenbrand
Jump to solution

Hi,

Could you please explain difference between the two steps 18210 and 18211

It seems 18211 is sufficient since this would allow to push certificates from ICA (SMS) to Security Gateway...

You said that port 18210 is used to pull certificate from CA, and I am just wondering why do we need this since security Gateway could receive certificates from SMS (port 18211)

what am I missing??

Thank you

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top