This version also uses further standard ports that are not listed below, e.g. LDAP (389/tcp, 636/tcp), L2TP (1701/udp), HTTPS (443/tcp) and ICMP Echo Requests. The ports listed here are specific to Check Point R70.
Ports used by Next Generation are listed on a separate page.
Ports used by NGX are listed on a separate page as well.
The shortcuts used in this table are explained at the bottom of the page.
| Port No. | Name in Service Manager | Short description |
|---|---|---|
| 256 /tcp | FW1 | Check Point Security Gateway Service - Get topology information from Mgmt or CMA to FW - Full synchronisation for HA configuration |
| 257 /tcp | FW1_log | Check Point Security Gateway Logs - Protocol used for delivering logs from FW to Mgmt - Protocol used for delivering logs from FW to CMA or CLM |
| 259 /tcp | FW1_clntauth_telnet | Check Point Security Gateway Client Authentication (Telnet) - Protocol for performing Client-Authentication at FW using telnet |
| 259 /udp | RDP | Check Point Security Gateway FWZ Key Negotiations - Reliable Datagram Protocol - Protocol used by SR/SCl for checking the availability of the FW/PS |
| 260 /udp | FW1_snmp | Check Point Security Gateway SNMP Agent - Check Point's SNMP, used additionally to 161/udp (snmp) |
| 261 /tcp | FW1_snauth | Check Point Security Gateway Session Authentication - Protocol for Session Authentication between FW and SAA |
| 262 /tcp | - not predefined - | only internally used by Mail Dequeuer (process: mdq) |
| 264 /tcp | FW1_topo | Check Point Security Gateway SecuRemote Topology Requests - Topology Download for SR (build 4100 and higher) and SCl |
| 265 /tcp | FW1_key | Check Point Security Gateway Public Key Transfer Protocol - Public Key download for SR/SCl |
| 444 /tcp | CP_SSL_Network_Extender | SSL Network Extender port - Port for downloading the SSL Network Extender needed for SSL VPN |
| 900 /tcp | FW1_clntauth_http | Check Point Security Gateway Client Authentication (HTTP) - Protocol for performing Client-Authentication at FW using HTTP |
| 981 /tcp | EDGE | VPN-1 UTM Edge Portal - Remote administration from external IP addresses using HTTPS |
| 1111 /tcp | IPSO_Clustering_Mgmt_Protocol | Protocol used for distributing configuration changes among cluster members and cluster wide monitoring - For Nokia IPSO clusters only |
| 2746 /udp | VPN1_IPSEC_encapsulation | Check Point VPN-1 SecuRemote IPSEC Transport Encapsulation Protocol - Default protocol used for UDP encapsulation, Check Point proprietary |
| 4433 /tcp | - not predefined - | Default port used for SmartPortal to have read-access to rulebase, objects, users, etc. Access with HTTPS using a web browser |
| 4532 /tcp | - not predefined - | only internally used by Session Authentication (in.asessiond) |
| 5004 /udp | MetaIP-UAT | Check Point Meta IP UAM Client-Server Communication |
| 8116 /udp | - not predefined - | Check Point Cluster Control Protocol - Protocol for internal communication between High Availability Cluster Members. Used for e.g. report/query state, probing, load balancing |
| 8989 /tcp | - not predefined - | only internally used by CMA for Messaging (process: cpd) |
| 9281 /udp | SWTP_Gateway | VPN-1 Embedded / SofaWare commands - Encrypted Protocol for communication between MM and Check Point Appliance (e.g. VPN-1 Edge) |
| 9282 /udp | SWTP_SMS | VPN-1 Embedded / SofaWare Management Server (SMS) - Encrypted Protocol for communication between MM and Check Point Appliance (e.g. VPN-1 Edge) |
| 9283 /tcp | SMS | VPN-1 Embedded / SofaWare Management Server (SMS) |
| 18181 /tcp | FW1_cvp | Check Point OPSEC Content Vectoring Protocol - Protocol used for communication between FW and AntiVirus Server |
| 18182 /tcp | FW1_ufp | Check Point OPSEC URL Filtering Protocol - Protocol used for communication between FW and Server for Content Control (e.g. Web Content) |
| 18183 /tcp | FW1_sam | Check Point OPSEC Suspicious Activity Monitor API - Protocol e.g. for Block Intruder between Mgmt (or CMA) and FW |
| 18184 /tcp | FW1_lea | Check Point OPSEC Log Export API - Protocol for exporting logs from Mgmt |
| 18185 /tcp | FW1_omi | Check Point OPSEC Objects Management Interface - Protocol used by applications having access to the ruleset saved at Mgmt |
| 18186 /tcp | FW1_omi-sic | Check Point OPSEC Objects Management Interface with SIC - Protocol used by applications having access to the ruleset saved at Mgmt |
| 18187 /tcp | FW1_ela | Check Point OPSEC Event Logging API - Protocol for applications logging to the Firewall log at Mgmt |
| 18190 /tcp | CPMI | Check Point Management Interface - Protocol for communication between GUI and Mgmt - Protocol for connections from MDG to MDS and CMA |
| 18191 /tcp | CPD | Check Point Daemon Protocol - Download of rulebase from Mgmt to FW - Fetching rulebase, from FW to Mgmt or CMA when starting FW - Download of rulebase from MDS/CMA to FW |
| 18192 /tcp | CPD_amon | Check Point Internal Application Monitoring - Protocol for getting System Status, from Mgmt or MDS/CMA to FW |
| 18193 /tcp | FW1_amon | Check Point OPSEC Application Monitoring - Protocol for monitoring apps, e.g. from Mgmt to CVP server |
| 18202 /tcp | CP_rtm | Check Point Real Time Monitoring - Protocol used by SmartView Monitor |
| 18205 /tcp | CP_reporting | Check Point Reporting Client Protocol - Protocol used by Reporting client when connecting to Reporting Server (Mgmt) |
| 18207 /tcp | FW1_pslogon | Check Point Policy Server Logon protocol - Protocol used for download of Desktop Security from PS to SCl (4.x clients only) |
| 18208 /tcp | FW1_CPRID | Check Point Remote Installation Protocol - Protocol used from MM to FW when installing Secure Updates. |
| 18209 /tcp | - not predefined - | Protocol used in SIC for communication between FW and ICA (status, issue, revoke) |
| 18210 /tcp | FW1_ica_pull | Check Point Internal CA Pull Certificate Service - Protocol used by SIC for e.g. FW pulling CA's from Mgmt |
| 18211 /tcp | FW1_ica_push | Check Point Internal CA Push Certificate Service - Protocol used by SIC for pushing CA's from Mgmt or CMA/MDS to FW |
| 18212 /udp | FW1_load_agent | Check Point ConnectControl Load Agent - Default port for the Load Agent running on load-balanced servers (e.g. WWW, FTP) |
| 18221 /tcp | CP_redundant | Check Point Redundant Management Protocol - Protocol used for synchronizing primary and secondary Mgmt or CMA - Protocol used for synchronizing primary and secondary MDS |
| 18231 /tcp | FW1_pslogon_NG | Check Point NG Policy Server Logon protocol (NG) - Protocol used for download of Desktop Security from PS to SCl |
| 18232 /tcp | FW1_sds_logon | Check Point SecuRemote Distribution Server Protocol - Protocol for software distribution of Check Point components |
| 18233 /udp | FW1_scv_keep_alive | Check Point SecureClient Verification KeepAlive Protocol - Protocol for Secure Configuration Verification on SecureClient |
| 18234 /udp | tunnel_test | Check Point tunnel testing application - Protocol for testing applications through a VPN, used by SR/SCl |
| 18241 /udp | E2ECP | Check Point End to End Control Protocol - Protocol to check SLAs defined in Virtual Links by SmartView Monitor |
| 18264 /tcp | FW1_ica_services | Check Point Internal CA Fetch CRL and User Registration Services - Protocol for Certificate Revocation Lists and registering users when using the Policy Server - needed when e.g. FW is starting |
| 18265 /tcp | FW1_ica_mgmt_tools | Check Point Internal CA Management Tools - Protocol for managing the ICA, also used for central administration of certificates on Mgmt - needs to be started separately with the command cpca_client |
| 18266 /tcp | CP_seam | Check Point SEAM Server Protocol |
| 19190 /tcp | FW1_netso | Check Point User Authority simple protocol - Protocol used in UA for connecting from UA Server to Web Plugin when authenticating users here |
| 19191 /tcp | FW1_uaa | Check Point OPSEC User Authority API - Protocol for connections to the UA Server |
| 19194 /udp | CP_SecureAgent-udp | SecureAgent Authentication service |
| 19195 /udp | CP_SecureAgent-udp | SecureAgent Authentication service |
| 60709 /tcp | - not predefined - | Internally used by SecurePlatform for web-based system administration (process: cpwmd). It is bound to localhost, so no remote connection is possible. |
| 65524 /tcp | FW1_sds_logon_NG | Check Point SecuRemote Distribution Server Protocol - Protocol for software distribution of Check Point components in Next Generation |
Additionally defined protocols:
| Protocol | Name in Service Manager | Short description |
|---|---|---|
| Internet Protocol 17 | tunnel_test_mapped | tunnel testing for a module performing the tunnel test |
| Internet Protocol 50 | ESP | IPSEC Encapsulating Security Payload Protocol |
| Internet Protocol 112 | VRRP | Virtual Router Redundancy Protocol, HA for Nokia's IPSO |
Shortcuts used in this table:
| Shortcut | Meaning | Remark |
|---|---|---|
| FW | Firewall | ex Enforcement Point, Gateway |
| GUI | SmartConsole | |
| ICA | Internal CA, mostly primary SmartCenter | |
| Mgmt | Security Management Server | ex SmartCenter Server |
| PS | Policy Server | |
| SAA | Session Authentication Agent | |
| SIC | Secure Internal Communication | |
| SR | SecuRemote Client | |
| SCl | SecureClient | |
| MDG | Multi Domain GUI (Provider-1) | |
| MDS | Multi Domain Server, Manager or Container (Provider-1) | |
| CMA | Customer Management Add-on (Provider-1) | |
| MLM | Multi Customer Log Module (Provider-1) | |
| CLM | Log Server | ex Customer Log Module |
No warranty at all, your feedback is welcome!
© 2002-2011 AERAsec Network Services and Security GmbH, last change 2009-04-29