Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

vpnd process running, vpn blade not enabled

A question that has bothered me for some time. I have a gateway (cluster) with FW, IA, ClusterXL, Monitoring, and IPS blades enabled. ps shows the vpnd process running, netstat shows it listening on several VPN specific ports:

vpn1.jpg

I'm looking for an explanation...sk177128 hints that vpnd may be running for Multiportal. pstree really isn't too much help as to what starts it up:

pstree.jpg

Is there any official sk, documentation, whatever that would explain why/what triggers the use of vpnd? We have compliance requirements to document all required services and listening ports.

Thanks,

Dave

0 Kudos
6 Replies
Tim_Koopman
Contributor

Not sure on official documentation but in this case I can say it is because you have Identity Awareness enabled.

 

Tim

0 Kudos

Are you using the "Identity Agent" with Identity Awareness in your environment?

0 Kudos

No, only using Identity Collectors in our environment.

Dave

0 Kudos

It is related to other Portals:

"As well as establishing Site-to-Site and Remote Access VPN, the VPND process is also responsible for presenting the certificates used for Portals, other the the Platform Portal"

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos

Thanks everyone for the information. Putting some more pieces together, it seems:

1. vpnd is used for Multiportal functionality

2. Multiportal functionality is enabled if a) Identity Awareness is enabled and/or b) the Gaia portal is configured to use 443. I base b) off of a statement in sk115732:

sk115732.jpg

3. I have Identity Awareness enabled on this gateway and 443 is used for the Gaia portal.  Even though I am not using captive portal or usercheck on this gateway, Multiportal is enabled, though only one portal configured:

mpclient.jpg

4. If vpnd is running (due to the above circumstances) it will still listen on traditional vpn ports (e.g. TCP 500) even though vpn blade is not enabled (this seems dumb, but is what it is).

Based on this sleuthing (and other similar rabbit holes I have gone down) I'll say Check Point's documentation on services/daemons and network ports used by products has improved, but there's much room for improvement. In the regulatory world that I live in (and I'm guessing many others reading this) we are required to have detailed documentation of running processes/services and network listening ports on critical systems. If there were better documentation around this, it would have saved me a lot of time.

Dave

0 Kudos

Adding a little more information - I examined another gateway that only has FW and Monitoring blades enabled (no IA). 443 is used for the Gaia portal. Multiportal is running, but the vpnd process is not:

vpnd2.jpg

Based on this I'd say that the vpnd process will run only if IA is running. Multiportal running is not sufficient for vpnd to be started.

Dave

0 Kudos