A question that has bothered me for some time. I have a gateway (cluster) with FW, IA, ClusterXL, Monitoring, and IPS blades enabled. ps shows the vpnd process running; netstat shows it listening on several VPN-specific ports:
I'm looking for an explanation... sk177128 hints that vpnd may be running for Multiportal. pstree really isn't too much help as to what starts it up:
Is there any official sk, documentation, whatever that would explain why/what triggers the use of vpnd? We have compliance requirements to document all required services and listening ports.
Thanks,
Dave
Not sure on official documentation but in this case I can say it is because you have Identity Awareness enabled.
Tim
Are you using the "Identity Agent" with Identity Awareness in your environment?
No, only using Identity Collectors in our environment.
Dave
It is related to other Portals:
"As well as establishing Site-to-Site and Remote Access VPN, the VPND process is also responsible for presenting the certificates used for Portals, other than the Platform Portal"
Thanks everyone for the information. Putting some more pieces together, it seems:
1. vpnd is used for Multiportal functionality
2. Multiportal functionality is enabled if a) Identity Awareness is enabled and/or b) the Gaia portal is configured to use 443. I base b) off of a statement in sk115732:
3. I have Identity Awareness enabled on this gateway and 443 is used for the Gaia portal. Even though I am not using captive portal or usercheck on this gateway, Multiportal is enabled, though only one portal configured:
4. If vpnd is running (due to the above circumstances) it will still listen on traditional vpn ports (e.g. TCP 500) even though vpn blade is not enabled (this seems dumb, but is what it is).
Based on this sleuthing (and other similar rabbit holes I have gone down) I'll say Check Point's documentation on services/daemons and network ports used by products has improved, but there's much room for improvement. In the regulatory world that I live in (and I'm guessing many others reading this) we are required to have detailed documentation of running processes/services and network listening ports on critical systems. If there were better documentation around this, it would have saved me a lot of time.
Dave
Adding a little more information - I examined another gateway that only has FW and Monitoring blades enabled (no IA). 443 is used for the Gaia portal. Multiportal is running, but the vpnd process is not:
Based on this I'd say that the vpnd process will run only if IA is running. Multiportal running is not sufficient for vpnd to be started.
Dave
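The compliance need raised in this thread (documenting every listening port and the process behind it, and spotting a daemon such as vpnd listening on VPN ports when the VPN blade is off) can be turned into a repeatable check. The script below is an added example, not from the original posts or from Check Point: it compares netstat -lnp style output against an approved baseline and prints every listener that is not on it. The sample listener lines and the baseline are constructed for illustration; the process names and ports in them are assumptions, not a statement of what a given gateway actually runs.

```bash
#!/bin/bash
# Constructed sample in the column layout of `netstat -lnp`
# (Proto Recv-Q Send-Q Local-Address Foreign-Address [State] PID/Program).
# Not captured from a real gateway.
SAMPLE_LISTENERS='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1234/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2345/httpd2
udp 0 0 0.0.0.0:500 0.0.0.0:* 3456/vpnd
udp 0 0 0.0.0.0:4500 0.0.0.0:* 3456/vpnd'

# Hypothetical approved baseline for a gateway whose VPN blade is disabled:
# space-separated "proto:port:process" entries that compliance has signed off.
BASELINE='tcp:22:sshd tcp:443:httpd2'

# audit_listeners LISTENER_TEXT BASELINE
# Prints one "proto:port:process" line per listening socket that is not in
# the baseline; prints nothing (exit 0) when every listener is approved.
audit_listeners() {
  listeners="$1"
  baseline="$2"
  printf '%s\n' "$listeners" | awk -v base="$baseline" '
    BEGIN {
      n = split(base, arr, " ")
      for (i = 1; i <= n; i++) ok[arr[i]] = 1
    }
    # Only socket rows; skips the two header lines netstat prints.
    /^(tcp|udp)/ {
      proto = $1
      # Local address is field 4; the port is whatever follows the last
      # colon, which also handles IPv6 forms such as :::443.
      n2 = split($4, addr, ":")
      port = addr[n2]
      # PID/Program is always the last field (UDP rows have no State column);
      # drop the "PID/" prefix so only the program name is compared.
      prog = $NF
      sub(/^[0-9]+\//, "", prog)
      key = proto ":" port ":" prog
      if (!(key in ok)) print key
    }'
}

# Demonstration on the constructed sample: reports the vpnd sockets on
# UDP 500 and 4500, which are absent from the baseline.
audit_listeners "$SAMPLE_LISTENERS" "$BASELINE"
```

On a live gateway the same function can be fed real output with `audit_listeners "$(netstat -lnp 2>/dev/null)" "$BASELINE"`; a non-empty result is the list of listeners that still need a documented justification (or a baseline update once one exists).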