Check Point VPN-1/FireWall-1

TCP and UDP Ports used by Check Point NGX


AERAsec Network Services and Security GmbH


This table gives a short description of the TCP and UDP ports used by Check Point NGX

This version is still using more ports, e.g. those for LDAP (389/tcp, 636/tcp) or L2TP (1701/udp). The ports listed here are specific for Check Point NGX.
Here you find Ports used by Check Point VPN-1/FireWall-1 4.x, those for Next Generation can be found here.
Please have a look at the Shortcuts used in this table.

Port No. Name in Service Manager Short description
256 /tcp FW1 Check Point VPN-1 & FireWall-1 Service
- Get topology information from SCt or CMA to FWM
- Full synchronisation for HA configuration
257 /tcp FW1_log Check Point VPN-1 & FireWall-1 Logs
- Protocol used for delivering logs from FWM to SCt
- Protocol used for delivering logs from FWM to CMA or CLM
259 /tcp FW1_clntauth_telnet Check Point VPN-1 & FireWall-1 Client Authentication (Telnet)
- Protocol for performing Client-Authentication at FWM using telnet
259 /udp RDP Check Point Reliable Datagram Protocol
- Protocol used by SR/SCl for checking the availability of the FWM/PS
260 /udp FW1_snmp Check Point VPN-1 & FireWall-1 SNMP Agent
- Check Point's SNMP, used additionally to 161/udp (snmp)
261 /tcp FW1_snauth Check Point VPN-1 & FireWall-1 Session Authentication
- Protocol for Session Authentication between FWM and SAA
262 /tcp - not predefined - only internally used by Mail Dequerer (process: mdq)
264 /tcp FW1_topo Check Point VPN-1 SecuRemote Topology Requests
- Topology Download for SR (build 4100 and higher) and SCl
265 /tcp FW1_key Check Point VPN-1 Public Key Transfer Protocol
- Public Key download for SR/SCl
900 /tcp  FW1_clntauth_http Check Point VPN-1 & FireWall-1 Client Authentication (HTTP)
- Protocol for performing Client-Authentication at FWM using HTTP
981 /tcp - not predefined - Check Point VPN-1 Edge remote administration from external IPs using HTTPS
2746 /udp VPN1_IPSEC_encapsulation Check Point VPN-1 SecuRemote IPSEC Transport Encapsulation Protocol
- Default-Protocol used for UDP encapsulation, Check Point proprietary
4433 /tcp - not predefined - Default Port used for SmartPortal to have read-access to rulebase, objects, users, etc. 
Access with HTTPS using a Web Browser
4532 / tcp - not predefined -  only internally used by Session Authentication (in.asessiond)
5004 /udp MetaIP-UAT Check Point Meta IP UAM Client-Server Communication
8116 /udp - not predefined -  Check Point Cluster Control Protocol
- Protocol for internal communication between High Availability Cluster Members. Used for e.g. report/query state, probing, load balancing  
8989 / tcp - not predefined -  only internally used by CMA for Messaging (process: cpd)
9281 /udp SWTP_Gateway VPN-1 Embedded / SofaWare commands
- Encrypted Protocol for communication between MM and Check Point Appliance (e.g. VPN-1 Edge)
9282 /udp SWTP_SMS VPN-1 Embedded / SofaWare Management Server (SMS)
- Encrypted Protocol for communication between MM and Check Point Appliance (e.g. VPN-1 Edge)
9283/tcp SMS VPN-1 Embedded / SofaWare Management Server (SMS)
18181 /tcp FW1_cvp Check Point OPSEC Content Vectoring Protocol
- Protocol used for communication between FWM and AntiVirus Server
18182 /tcp FW1_ufp Check Point OPSEC URL Filtering Protocol
- Protocol used for communication between FWM and Server for Content Control (e.g. Web Content)
18183 /tcp FW1_sam Check Point OPSEC Suspicious Activity Monitor API
- Protocol e.g. for Block Intruder between SCt (or CMA) and FWM
18184 /tcp FW1_lea Check Point OPSEC Log Export API
- Protocol for exporting logs from SCt
18185 /tcp FW1_omi Check Point OPSEC Objects Management Interface
- Protocol used by applications having access to the ruleset saved at SCt
18186 /tcp FW1_omi-sic Check Point OPSEC Objects Management Interface with SIC
- Protocol used by applications having access to the ruleset saved at SCt 
18187 /tcp FW1_ela Check Point OPSEC Event Logging API
- Protocol for applications logging to the Firewall log at SCt
18190 /tcp CPMI Check Point Management Interface
- Protocol for communication between GUI and SCt
- Protocol for connections from MDG to MDS and CMA
18191 /tcp CPD Check Point Daemon Protocol
- Download of rulebase from SCt to FWM
- Fetching rulebase, from FWM to SCt or CMA when starting FWM
- Download of rulebase from MDS/CMA to FWM
18192 /tcp CPD_amon Check Point Internal Application Monitoring
- Protocol for getting System Status, from SCt or MDS/CMA to FWM
18193 /tcp FW1_amon Check Point OPSEC Application Monitoring
- Protocol for monitoring apps, e.g. from SCt to CVP server
18202 /tcp CP_rtm Check Point Real Time Monitoring
- Protocol used by SmartView Monitor
18205 /tcp CP_reporting Check Point Reporting Client Protocol
- Protocol used by Reporting client when connecting to Reporting Server (SCt)
18207 /tcp FW1_pslogon Check Point Policy Server Logon protocol
- Protocol used for download of Desktop Security from PS to SCl (4.x clients only)
18208 /tcp FW1_CPRID Check Point Remote Installation Protocol
- Protocol used from MM to FWM when installing Secure Updates.
18209 /tcp - not predefined - Protocol used in SIC for communication between FWM and ICA (status, issue, revoke)
18210 /tcp FW1_ica_pull Check Point Internal CA Pull Certificate Service
- Protocol used by SIC for e.g. FWM pulling CA's from SCt
18211 /tcp FW1_ica_push Check Point Internal CA Push Certificate Service
- Protocol used by SIC for pushing CA's from SCt or CMA/MDS to FWM
18212 /udp FW1_load_agent Check Point ConnectControl Load Agent
- Default-Port for Load Agent running on load-balanced Servers (e.g. WWW, FTP)
18221 /tcp CP_redundant Check Point Redundant Management Protocol
- Protocol used for synchronizing primary and secondary SCt or CMA
- Protocol used for synchronizing primary and secondary MDS
18231 /tcp FW1_pslogon_NG Check Point NG Policy Server Logon protocol (NG)
- Protocol used for download of Desktop Security from PS to SCl
18232 /tcp FW1_sds_logon Check Point SecuRemote Distribution Server Protocol
- Protocol for software distribution of Check Point components
18233 /udp FW1_scv_keep_alive Check Point SecureClient Verification KeepAlive Protocol
- Protocol for Secure Configuration Verification on SecureClient
18234 /udp tunnel_test Check Point tunnel testing application
- Protocol for testing applications through a VPN, used by SR/SCl
18241 /udp E2ECP Check Point End to End Control Protocol
- Protocol to check SLA's defined in Virtual Links by SmartView Monitor
18264 /tcp FW1_ica_services Check Point Internal CA Fetch CRL and User Registration Services
- Protocol for Certificate Revocation Lists and registering users when using the Policy Server
- needed when e.g. FWM is starting 
18265/tcp FW1_ica_mgmt_tools Check Point Internal CA Management Tools
- Protocol for managing the ICA, also used for central administration of certificates on SCt.
- needs to be started separately with the command cpca_client.
18266 /tcp CP_seam Check Point SEAM Server Protocol
19190 /tcp FW1_netso Check Point User Authority simple protocol
- Protocol used in UA for connecting from UA Server to Web Plugin when authenticating users here
19191 /tcp FW1_uaa Check Point OPSEC User Authority API
- Protocol for connections to the UA Server
19194 /udp CP_SecureAgent-udp SecureAgent Authentication service
19195 /udp CP_SecureAgent-udp SecureAgent Authentication service
60709 / tcp - not predefined -  Internally used by SecurePlatform for web based system administration (process: cpwmd). It's bound to localhost, so no remote connect is possible.
65524 /tcp FW1_sds_logon_NG Check Point SecuRemote Distribution Server Protocol
- Protocol for software distribution of Check Point components in Next Generation

Additionally defined protocols:

Internet Protocol 17 tunnel_test_mapped tunnel testing for a module performing the tunnel test
Internet Protocol 50 ESP IPSEC Encapsulating Security Payload Protocol
Internet Protocol 51 AH IPSEC Authentication Header Protocol
Internet Protocol 94 FW1_Encapsulation Check Point VPN-1 SecuRemote FWZ Encapsulation Protocol
Internet Protocol 112 VRRP Virtual Router Redundancy Protocol, HA for Nokia's IPSO

 


Shortcuts

FWM  Enforcement Point, also SecuRemote Server
GUI SmartConsole
ICA Internal CA, mostly primary SmartCenter
SCt SmartCenter
PS Policy Server
SAA Session Authentication Agent
SIC Secure Internal Communication
SR SecuRemote Client
SCl SecureClient
MDG Multi Domain GUI (Provider-1)
MDS Multi Domain Server, Manager or Container (Provider-1)
CMA Customer Management Add-on (Provider-1)
MLM Multi Customer Log Module (Provider-1)
CLM  Customer Log Module (Provider-1)

No warranty at all, your Feedback is welcome!
© 2002-2014 AERAsec Network Services and Security GmbH, last change 2007-01-04
back to http://www.vpn-1.de/aerasec