A question that has bothered me for some time. I have a gateway (cluster) with FW, IA, ClusterXL, Monitoring, and IPS blades enabled. ps shows the vpnd process running, netstat shows it listening on several VPN specific ports:
I'm looking for an explanation...sk177128 hints that vpnd may be running for Multiportal. pstree really isn't too much help as to what starts it up:
Is there any official sk, documentation, whatever that would explain why/what triggers the use of vpnd? We have compliance requirements to document all required services and listening ports.
Thanks,
Dave
Thanks everyone for the information. Putting some more pieces together, it seems:
1. vpnd is used for Multiportal functionality
2. Multiportal functionality is enabled if a) Identity Awareness is enabled and/or b) the Gaia portal is configured to use 443. I base b) off of a statement in sk115732:
3. I have Identity Awareness enabled on this gateway and 443 is used for the Gaia portal. Even though I am not using captive portal or usercheck on this gateway, Multiportal is enabled, though only one portal configured:
4. If vpnd is running (due to the above circumstances) it will still listen on traditional vpn ports (e.g. TCP 500) even though vpn blade is not enabled (this seems dumb, but is what it is).
Based on this sleuthing (and other similar rabbit holes I have gone down) I'll say Check Point's documentation on services/daemons and network ports used by products has improved, but there's much room for improvement. In the regulatory world that I live in (and I'm guessing many others reading this) we are required to have detailed documentation of running processes/services and network listening ports on critical systems. If there were better documentation around this, it would have saved me a lot of time.
Dave
Adding a little more information - I examined another gateway that only has FW and Monitoring blades enabled (no IA). 443 is used for the Gaia portal. Multiportal is running, but the vpnd process is not:
Based on this I'd say that the vpnd process will run only if IA is running. Multiportal running is not sufficient for vpnd to be started.
Dave
| User | Count |
|---|---|
| 19 | |
| 16 | |
| 15 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 4 |
Tue 05 Nov 2024 @ 10:00 AM (CET)
EMEA CM LIVE: 30 Years for the CISSP certification - why it is still on topTue 05 Nov 2024 @ 05:00 PM (CET)
Americas CM LIVE: - 30 Years for the CISSP certification - why it is still on topThu 07 Nov 2024 @ 05:00 PM (CET)
What's New in CloudGuard - Priorities, Trends and Roadmap InnovationsTue 05 Nov 2024 @ 10:00 AM (CET)
EMEA CM LIVE: 30 Years for the CISSP certification - why it is still on topTue 05 Nov 2024 @ 05:00 PM (CET)
Americas CM LIVE: - 30 Years for the CISSP certification - why it is still on topTue 12 Nov 2024 @ 03:00 PM (AEDT)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Tue 12 Nov 2024 @ 10:00 AM (CET)
No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (EMEA)Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaS
