This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RS_Daniel
Advisor
Advisor
‎2025-07-15 11:14 AM

Remote Access port 80 needed?

Hi CheckMates,

We have a clusterXL with 2 X 1800 appliances, running gaia embedded R81.10.17. This cluster is used for remote access vpn connections.

VPN clients face an issue. When they try to connect, site is not responding error appears. Checking on logs, we can see port 80 is dropped by our clean up rule.

If we create a explicit rule allowing port 80 from client public IP, the connection is successful. So i have two questions: Is it normal remote access vpn clients use port 80? if it is normal, i think it should be accepted by default, rigth?

We have the option "Accept Remote Access control connections" enabled on global properties. Any help is appreciated thanks in advance.

Regards

0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2025-07-15 11:33 AM

It's normal for the client to reach out on port 443.
Port 80 should redirect there.

0 Kudos
RS_Daniel
Advisor
Advisor
‎2025-07-15 11:56 AM
In response to PhoneBoy

Hi,

Thans for your help. So, in our case, redirection is not working? as vpn clients connections are dropped on port 80.

0 Kudos
PhoneBoy
Admin
Admin
‎2025-07-15 11:58 AM
In response to RS_Daniel

If you don't allow access on port 80, that redirect won't happen.
Why the client is using port 80 is a separate question. 
What client version on what platform(s)?

0 Kudos
RS_Daniel
Advisor
Advisor
‎2025-07-15 12:25 PM
In response to PhoneBoy

The happens with many different client versions on windows. In my case i am using endpoint security E89.00 and windows 11. On the other hand, i have a couple dozens different customers with similar scenario, and i can connect to all of them without problems, without allowing port 80 with an explicit rule.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-07-15 12:00 PM
In response to RS_Daniel

How is below setup? Btw, I would test with newest E89 client. I can verify in the lab for that behavior. How are you creating/connecting to site? Is site name something like vpn.companyname.com:80?

Andy

Best,
Andy
"Have a great day and if its not, change it"
Preview file
59 KB
0 Kudos
RS_Daniel
Advisor
Advisor
‎2025-07-15 12:27 PM
In response to the_rock

The configuration is the same as on the screenshot, https and all interfaces. To connect the clients use vpn.domain.com or the public IP address, without port. In both cases the same issue.

Regards

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-07-15 12:29 PM
In response to RS_Daniel

This is very interesting...let me finish some Cisco stuff Im doing, will definitely confirm this in the lab later.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-07-15 12:51 PM
In response to RS_Daniel

I just tested and worked fine in my lab, mind you, port 80 is allowed, which would make sense, since redirect does happen.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-07-15 11:39 AM

I am 100% sure what @PhoneBoy said is correct.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events