HeikoAnkenbrand
Champion

R8x Ports Used for Communication by Various Check Point Modules (new version 2.1)

Introduction

This drawing should give you an overview of the ports and communication flows used in R80 and R81. It should give you an overview of how different Check Point modules communicate with each other. Furthermore, services that are used for firewall operation are also considered. These firewall services are also partially mapped as implied rules in the rule set on the firewall.

Overview

Ports.png

Download PDF

Download R8x version 2.0:
R8x Ports Used for Communication PDF

SmartConsole Extension


New!

Now I have developed a SmartConsole Extension so that you can view the overview directly in the SmartConsole.
In the Access Policy section in the upper area, there is a tab called "Ports for Modules". More info here.

Extension URL: https://www.ankenbrand24.de/ex/ports.json

picture_ports_1_6546456.jpg

References

Support Center: Ports used by Check Point software 

Versions

 

Version 2.1:
+ v2.1b all new R82 ports (IA + RA VPN ikev2) 10/29/2024
+ v2.1a all new R81.20 ports (Cloudguard + VPN + ClusterXL) 07/15/2024

old Version 2.0:
+ v2.0f new! now with SmartConsole Extension 02/13/2023
+ v2.0e add LOM port 2048 01/31/2023
+ v2.0d add LOM ports 01/23/2023
+ v2.0c new colors + design 01/22/2023
+ v2.0b best mistake 🙂 SmartDashboard versus SmartConsole 01/22/2023
+ v2.0a correct names : SMS, MDS, SmartConsole, ... 01/21/2023

old Version 1.9:
+ v1.9a add port 443 cloud CME 19.03.2022
+ v1.9b fix port issue 442 cloud CME 22.03.2022

old Version 1.8:
+ v1.8a R81.10 EA update 04.05.2021
+ v1.8b add port 18264 30.05.2021
+ v1.8c R81.10 upgrade 28.07.2021

old Version 1.7:
+ v1.7a R81 EA update 17.07.2021
+ v1.7b bug fix 20.08.2021
+ v1.7c bug fix + new download link 25.06.2021

old Version 1.6:
+ v1.6a add Azure ports 05.05.2020
+ v1.6b add all cloud ports 15.06.2020

old Version 1.5:
+ v1.5a typos corrected 18.09.2019
+ v1.5b port update 26.01.2020

old version 1.4:
+ v1.4a bug fix, update port 1701 udp L2TP 09.04.2018
+ v1.4b bug fix 15.04.2018
+ v1.4c CPUSE update 17.04.2018
+ v1.4d legend fixed 17.04.2018
+ v1.4e add SmartLog and SmartView on port 443 20.04.2018
+ v1.4f bug fix 21.05.2018
+ v1.4g bug fix 25.05.2018
+ v1.4h add Backup ports 21, 22, 69 UDP and ClusterXL full sync port 256  30.05.2018
+ v1.4i add port 259 udp VPN link probing 12.06.2018
+ v1.4j bug fix 17.06.2018
+ v1.4k add  OSPF/BGP route Sync 25.06.2018
+ v1.4l bug fix routed 29.06.2018
+ v1.4m bug fix tcp/udp ports 03.07.2018
+ v1.4n add port 256 13.07.2018
+ v1.4o bug fix / add TE ports 27.11.2018
+ v1.4p bug fix routed port 2010 23.01.2019
+ v1.4q change to new forum format 16.03.2019

old version 1.3:
+ v1.3a new design (blue, gray), bug fix, add netflow, new names 27.03.2018
+ v1.3b add routing ports, bug fix design 28.03.2018
+ v1.3c bug fix, rename ports (old) 29.03.2018
+ v1.3d bug fix 30.03.2018
+ v1.3e fix issue L2TP UDP port 1701

old version 1.1:
+ v1.1a - added r80.xx ports 16.03.2018
+ v1.1b - bug in drawing fixed 17.03.2018
+ v1.1c - add RSA, TACACS, Radius 19.03.2018
+ v1.1d - add 900, 259 Client-auth - deleted od 4.0 ports 20.03.2018
+ v1.1e - add OPSEC -delete R55 ports 21.03.2018
+ v1.1f - bug fix 22.03.2018
+ v1.1g - bug fix - add mail smtp -add dhcp - add snmp 25.03.2018

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
(42)
308 Replies
Armin_Weiler
Participant

Great job continues.

Armin_Weiler
Participant

Blue/gray is better!
THX

Sven_Hamilton
Participant

Suggest to add OSPF, RIP, BGP.

Keep up the good work in the Forum.

Jan_Johannsen
Employee Alumnus

Hello Heiko,

This is really great stuff! Thanks for maintaining and updating to latest releases.

Maybe you can correct the minor cut in the graphics in lower left corner - in the explanation box.

Seems to be an error in both the online and pdf version.

Thanks

/Jan

(1)
Ralf_Schirmer
Participant

Yes, this is really great stuff!

0 Kudos
HeikoAnkenbrand
Champion

Hello, Jan,

thanks for the info. I have a small problem with my "Microsoft PDF Printer" 🙂, so it is always displayed incorrectly.

I'll try to improve it in the next version.

Thanks

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
(1)
HeikoAnkenbrand
Champion

What do you think, should I delete the old R70/R71/R75/R76 ports?

Some of our customers still use old firewalls, so it can still be helpful.

I'm not so sure myself!

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
AlekseiShelepov
Advisor

Now the version of the drawing is R80.10.

HeikoAnkenbrand
Champion

I will add routing ports in the next version.

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Jan_Johannsen
Employee Alumnus

As long as you clearly differentiate what is current standard and what is legacy - I find it valuable to have a single page doc.

The second option is to separate into two pages in same document - Latest conventions and legacy on separate pages.

Especially for customers who have a clean and updated environment, it will give a simpler and easier overview.

/Jan

Markusevc
Employee

Thanks Heiko, great initiative. Will leave up to you whether it makes sense to also add the different supported versions of e.g. snmp (1/2/3) or ntp (1/2/3/4).

Security Solutions Expert for Global Strategic Partners GSI/MSP/Telco & Consultancy Firms
Shinn_Ho
Participant

Security gateway anti-virus/anti-bot signature updates also seem to need to connect to the Check Point update server directly, right?

HeikoAnkenbrand
Champion

I think management server and SmartDashBoard only.

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion

I added routing communication in version 1.3b!

Oh, I just remember something:
- Contract Update

Regards,

Heiko

 
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Mike_Brenner
Explorer

I think so too, great project and great community

HeikoAnkenbrand
Champion

Changes in version 1.3c:

- bug fix 

+ BGP

+ RIP v1 and v2

+ OSPF

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Sven_Hamilton
Participant

nice job  

John_Tammaro1
Contributor

fantastic document.

HeikoAnkenbrand
Champion

Changes in version 1.3d:

 

- bug fix 

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Dr__Chris_Murph
Participant

I like that document. It is very helpful for rule creation and troubleshooting.

Armin__Alic
Participant

The L2TP port UDP 1701 is missing in your drawing.

Horst_Hub
Participant

I agree with you. The new color scheme is better.

0 Kudos
HeikoAnkenbrand
Champion

I would like to thank everyone for their great support in the Checkmates forum. 🙂

THX

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Hong_Ning
Participant

100 points, nice!

JozkoMrkvicka
Authority

Does MDS (Multi-Domain Server / Provider-1) use the same ports as SMS? For sync between Active and Standby + communication with CMAs.

PS: the PDF version for download is still 1.3b, not the current 1.4a

Kind regards,
Jozko Mrkvicka
0 Kudos
Sven_Glock
Advisor

I don't know if it is already fixed in the latest PDF version: the legend is covered by a white rectangle.

Denenico_Grimal
Explorer

Nice PDF!

THX

Nader_Assi__Old
Contributor

Nice work! Just need to be able to download the latest version 1.4a in PDF.

JozkoMrkvicka
Authority

CRL fetch from LDAP can also be done using HTTP (not only the LDAP port).

Kind regards,
Jozko Mrkvicka
HeikoAnkenbrand
Champion

Okay, I will check this and add the port in the next version.

THX

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
