This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Aznaz_Reflectio
Contributor
‎2018-04-10 09:56 PM

Which traffic does LDAP use.?

Hi Checkmates,

I would like to ask about the status for this 1470 firewall.

Regarding the LDAP traffic which is about 40MB.

Does it mean it is using the site to site traffic or some internet connection got ldap protocol?

Thank you.

6 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2018-04-10 10:27 PM

Hi Aznaz,

see Ports Used for Communication by Various Check Point Modules (new version).

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Aznaz_Reflectio
Contributor
‎2018-04-11 07:43 PM
In response to HeikoAnkenbrand

Thanks for the information sharing..

Pedro_Espindola
Advisor
‎2018-04-11 07:27 AM

Hello Aznaz,

I believe this graphic shows statistics for all the traffic, not only from the internet, so this could be ldap from the site-to-site traffic.

Aznaz_Reflectio
Contributor
‎2018-04-11 07:44 PM
In response to Pedro_Espindola

is there any way for me to verify this.?

G_W_Albrecht
Legend Legend
Legend
‎2018-04-12 01:38 AM
In response to Aznaz_Reflectio

That should be possible by checking the LDAP server IP and the VPN community settings. All traffic to the remote site on SMBs goes thru the VPN tunnel, in WebGUI we only can exclude admin access traffic to the gateway by the Advanced Setting > VPN Site to Site global settings - Override 'Route all traffic to remote VPN site' configuration for admin access to the device. Or, you can use a special configuration file, see Locally managed SMBs vpn_table.def file.

Strange is that you are using this 1470 like a 770 - using central management would make it easy to exclude services from VPN, also enable the second processor core and even give you logs with names ...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Pedro_Espindola
Advisor
‎2018-04-12 06:43 AM
In response to Aznaz_Reflectio

Do you have accept logs enabled? Hosts using LDAP service usually make connections every few minutes. So checking the logs with the filter "service:ldap" should show you where the traffic is going.

If you see ldap traffic going both to the internet and to VPN sites, then you will not be able to check how much of the 40MB went to each destination. This would only be possible on a central management with SmartEvent.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events