This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
charlie
Participant
‎2021-04-09 02:29 AM

Tacacs+ on different port

Hello,

I need to contact the Tacacs server from the Security Gateway on a custom port instead of the default port(49).
Standard step don't include the option to set the port. There is a way to change the port 49?


Regards,

Charlie

0 Kudos
9 Replies
the_rock
Legend
Legend
‎2021-04-09 04:11 AM

Are you not able to create custom service and then assign a port to it?

0 Kudos
charlie
Participant
‎2021-04-09 04:18 AM
In response to the_rock

The source it's the Firewall that have a tacacs configured, but for some reason we need to change the port from 49 to a new one.
From Firewall I can set priority, ip and the key, but I need to change the port.

0 Kudos
the_rock
Legend
Legend
‎2021-04-09 04:29 AM
In response to charlie

Would you mind share screenshot?

0 Kudos
charlie
Participant
‎2021-04-09 04:36 AM
In response to the_rock

This is the Checkpoint Tacacs+ server configuration

Tacacs.PNG

I hope that there is a conf file where I can change the default port

0 Kudos
the_rock
Legend
Legend
‎2021-04-09 04:54 AM
In response to charlie

Ok, got it. Not sure if below link might help, but maybe someone else can chime in. I know you can change ssh port easily from /etc/ssh, but I dont see anything in /etc for tacacs, really sorry mate.

 

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-04-09 06:35 AM
In response to charlie

It appears the only way to do this is to hack the tacacs service definitions in the /etc/services file from expert mode; I just tried changing the TACACS port to 149, rebooted and it worked.  The /etc/services file is not auto-generated upon Gaia system startup so your changes should stick. 

However be sure to document this /etc/services file change as it is likely to get overwritten by a version upgrade or even possibly a Jumbo HFA installation.  You'll need to manually check that your port change survived after either of these types of operations.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
charlie
Participant
‎2021-04-09 06:40 AM
In response to Timothy_Hall

Thanks!!!

I'm going to discuss with the Team If we really need to perform this change or we can avoid

Regards

0 Kudos
the_rock
Legend
Legend
‎2021-04-09 07:16 AM
In response to Timothy_Hall

Thanks Tim, thats good to know!!

0 Kudos
KhevynLerroy
Explorer
‎2021-12-23 03:39 AM

The easyest way to do that is configuring a destination NAT where you should tell the firewall every time the firewall IP try to reach the tacacs IP on port 49 change the destination port to xxxx. We did it on our environment and it works well.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events