Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RM_LuganetSA
Explorer

Connection to a custom port

Hello everyone, hopefully I chose the right board for this question.

Is 443 as the "VPN remote access - remote access port" a pre-requisite for a VPN connection using Check Point Capsule on Windows 10?

For example: I change it on a 1570 appliance, locally managed, to 4400

The connection is configured with the address vpn.contoso.com:4400 but cannot be established.

"The parameter is incorrect." hostName

vpn-error.png

 

I have not been able to find documentation on how to connect to a port different from 443.

The language in SK100509 makes it sound like it only works on 443. Is it still the case and thus expected behaviour?

 

Thank you very much!!
Roberto

 

 

 

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

Here, when configuring with centrally managed, it says Visitor Mode must be enabled on port 443: http://supportcontent.checkpoint.com/documentation_download?id=20361
That corresponds to the setting you are trying to change on the locally managed SMB appliance.

This is, I presume, a limitation of the built-in VPN functionality in Windows 10 that we are leveraging for the Capsule VPN client.
Thus, I would consider it expected behavior.

0 Kudos
RM_LuganetSA
Explorer

Hello PhoneBoy, thank you for your reply!

There are still many things I am not (yet) familiar with regarding where to look and how to interpret what I see.
In particular because many things seems to be called differently between centrally and locally managed and also between firmware versions.

For the time being I will assume that the Check Point Capsule VPN for Windows 10 (from the Microsoft Store) is limited to port 443.

It's not a Windows limitation because we have many many other deployments with firewalls from other vendors where I can specify the connection port in the VPN settings.

I will be able to delve much deeper and test more extensively with the next CP appliance.

Thanks!

0 Kudos
PhoneBoy
Admin
Admin

The question is whether those same vendors are using the built-in Windows 10 VPN functionality or not.
Our native VPN client (also installable on Windows 10, just not from the Windows Store) does not have this limitation either.

0 Kudos
the_rock
Champion
Champion

Hm, interesting...so for capsule VPN it HAS TO be port 443? I never knew that, cause I seen people use different port for vpn client or sandblast and worked fine. 

0 Kudos
PhoneBoy
Admin
Admin

In this specific client, you must use port 443.