This version uses additional ports as well, e.g. those for LDAP. The ports listed are specific to Check Point VPN-1/FireWall-1 NG.
The ports used by Check Point VPN-1/FireWall-1 4.x can be found here.
| Port No. | Name in Service Manager | Short description |
| 256 /tcp | FW1 | Check Point VPN-1 & FireWall-1 Service - Download of rulebase from MM to FWM (4.x) - Fetching rulebase from FWM to MM when starting (4.x) - Full synchronisation for HA configuration (also for NG) |
| 257 /tcp | FW1_log | Check Point VPN-1 & FireWall-1 Logs - Protocol used for delivering logs from FWM to MM |
| 259 /tcp | FW1_clntauth FW1_clntauth_telnet | Check Point VPN-1 & FireWall-1 Client Authentication (Telnet) - Protocol for performing Client-Authentication at FWM using telnet |
| 259 /udp | RDP | Check Point VPN-1 FWZ Key Negotiations - Reliable Datagram Protocol - Protocol used for FWZ VPN (supported up to NG FP1 only) - Protocol used by SR/SCl for checking the availability of the FWM/PS |
| 260 /udp | FW1_snmp | Check Point VPN-1 & FireWall-1 SNMP Agent - Check Point's SNMP, used additionally to 161/udp (snmp) |
| 261 /tcp | FW1_snauth | Check Point VPN-1 & FireWall-1 Session Authentication - Protocol for Session Authentication between FWM and SAA |
| 264 /tcp | FW1_topo | Check Point VPN-1 SecuRemote Topology Requests - Topology Download for SR (build 4100 and higher) and SCl |
| 265 /tcp | FW1_key | Check Point VPN-1 Public Key Transfer Protocol - Protocol for exchanging CA- and DH-keys between MMs (SKIP, FWZ (4.x)) - Public Key download for SR/SCl |
| 900 /tcp | FW1_clntauth FW1_clntauth_http | Check Point VPN-1 & FireWall-1 Client Authentication (HTTP) - Protocol for performing Client-Authentication at FWM using HTTP |
| 2746 /udp | VPN1_IPSEC_encapsulation | Check Point VPN-1 SecuRemote IPSEC Transport Encapsulation Protocol - Default-Protocol used for UDP encapsulation |
| 5004 /udp | MetaIP-UAT | Check Point Meta IP UAM Client-Server Communication |
| 8116 /udp | - not predefined - | Check Point Cluster Control Protocol - Protocol for internal communication between High Availability Cluster Members. Used for e.g. report/query state, probing, load balancing |
| 18181 /tcp | FW1_cvp | Check Point OPSEC Content Vectoring Protocol - Protocol used for communication between FWM and AntiVirus Server |
| 18182 /tcp | FW1_ufp | Check Point OPSEC URL Filtering Protocol - Protocol used for communication between FWM and Server for Content Control (e.g. Web Content) |
| 18183 /tcp | FW1_sam | Check Point OPSEC Suspicious Activity Monitor API - Protocol e.g. for Block Intruder between MM and FWM |
| 18184 /tcp | FW1_lea | Check Point OPSEC Log Export API - Protocol for exporting logs from MM |
| 18185 /tcp | FW1_omi | Check Point OPSEC Objects Management Interface - Protocol used by applications having access to the ruleset saved at MM |
| 18186 /tcp | FW1_omi-sic | Check Point OPSEC Objects Management Interface with SIC - Protocol used by applications having access to the ruleset saved at MM |
| 18187 /tcp | FW1_ela | Check Point OPSEC Event Logging API - Protocol for applications logging to the Firewall log at MM |
| 18190 /tcp | CPMI | Check Point Management Interface - Protocol for communication between GUI and MM |
| 18191 /tcp | CPD | Check Point Daemon Protocol - Download of rulebase from MM to FWM - Fetching rulebase from FWM to MM when starting |
| 18192 /tcp | CPD_amon | Check Point Internal Application Monitoring - Protocol for e.g. getting System Status from MM to FWM |
| 18193 /tcp | FW1_amon | Check Point OPSEC Application Monitoring - Protocol for monitoring apps, e.g. from MM to CVP server |
| 18202 /tcp | CP_rtm | Check Point RTM Log |
| 18205 /tcp | CP_reporting | Check Point Reporting client - Protocol used by Reporting client when connecting to Reporting Server (MM) |
| 18207 /tcp | FW1_pslogon | Check Point Policy Server Logon protocol - Protocol used for download of Desktop Security from PS to SCl (4.x) |
| 18208 /tcp | FW1_CPRID | Check Point Remote Installation Protocol - Protocol used from MM to FWM when installing Secure Updates. |
| 18209 /tcp | - not predefined - | Protocol used in SIC for communication between FWM and ICA (status, issue, revoke) |
| 18210 /tcp | FW1_ica_pull | Check Point Internal CA Pull Certificate Service - Protocol used for FWM pulling CAs from MM |
| 18211 /tcp | FW1_ica_push | Check Point Internal CA Push Certificate Service - Protocol used for pushing CAs from MM to FWM |
| 18212 /udp | FW1_load_agent | Check Point ConnectControl Load Agent - Default-Port for Load Agent running on load-balanced Servers (e.g. WWW, FTP) |
| 18221 /tcp | CP_redundant | Check Point Redundant Management Protocol - Protocol used for synchronizing primary and secondary MM |
| 18231 /tcp | FW1_pslogon_NG | Check Point NG Policy Server Logon protocol (NG) - Protocol used for download of Desktop Security from PS to SCl |
| 18232 /tcp | FW1_sds_logon | Check Point SecuRemote Distribution Server Protocol - Protocol for software distribution of Check Point components |
| 18233 /udp | FW1_scv_keep_alive | Check Point SecureClient Verification KeepAlive Protocol - Protocol for verifying SecureClient |
| 18234 /udp | tunnel_test | Check Point tunnel testing application - Protocol for verification of SLAs |
| 18241 /udp | E2ECP | Check Point End to End Control Protocol |
| 18262 /tcp | CP_Exnet_PK | Check Point Extranet public key advertisement - Protocol for exchange of public keys when configuring Extranet |
| 18263 /tcp | CP_Exnet_resolve | Check Point Extranet remote objects resolution - Protocol for importing exported objects from partner in Extranet |
| 18264 /tcp | FW1_ica_services | Check Point Internal CA Fetch CRL and User Registration Services - Protocol for Certificate Revocation Lists and registering users when using the Policy Server |
| 19190 /tcp | FW1_netso | Check Point User Authority simple protocol - Protocol used in UA for connecting from UA Server to Web Plugin when authenticating users here |
| 19191 /tcp | FW1_uaa | Check Point OPSEC User Authority API - Protocol for connections to the UA Server |
Additionally defined:
Internet Protocol 94 (FW1_Encapsulation), Check Point VPN-1 SecuRemote FWZ Encapsulation Protocol
Internet Protocol 17 (tunnel_test_mapped), tunnel testing for a module performing the tunnel test

Shortcuts
| FWM | Firewall Module, Inspection Module, Enforcement Point, also SecuRemote Server |
| GUI | Rulebase Editor, Graphical User Interface, Management Client, Policy Editor |
| ICA | Internal CA, mostly primary MM |
| MM | Management Module, Management Server |
| PS | Policy Server |
| SAA | Session Authentication Agent |
| SIC | Secure Internal Communication |
| SR | SecuRemote Client |
| SCl | SecureClient |
No warranty at all; your feedback is welcome!
© 2002 AERAsec Network Services and Security GmbH, last change 2002-07-25