Hi,
When checking SK108235 for ports:
Communication Protocols
Direction | Port | Protocol |
Identity Collector to Identity Awareness Gateway | 443 | Proprietary Check Point protocol, over HTTPS. Used for ongoing communication between the Agent and the Security Gateway. |
Identity Awareness Gateway to Domain Controller | 389 / 636 | LDAP / LDAPS |
Identity Collector to Domain Controller | 53 | DNS |
*Identity Collector to Domain Controller | 389 | LDAP |
Identity Collector to Domain Controller | 135, and dynamically allocated ports | DCOM protocol, which makes extensive use of DCE/RPC. |
Identity Collector to Cisco ISE | 5222 | Session subscribe. Gets notifications of new login/logout events. |
Identity Collector to Cisco ISE | 8910 | Bulk session download. Fetches all the active sessions from the ISE Server. |
* Note: LDAPS is also optional (through port 636) when using "NetIQ eDirectory". For all other uses (which are the most common ones), we are using LDAP only.
I don't see LDAPS, 636, for standard Microsoft AD. Not sure what this NetIQ eDirectory is.
When is LDAPS 636 coming for IA if it's not already present? (If so, I don't see where to change it in the GUI.)
Regards,
Magnus
https://www.youtube.com/c/MagnusHolmberg-NetSec