FireWall-1 uses many ports for communication. The following list explains
the ports that FireWall-1 uses:
-
TCP Port 256 is used for three important things:
-
Exchange of CA and DH keys in FWZ and SKIP encryption between two FireWall-1
Management Consoles
-
SecuRemote build 4005 and earlier uses this port to fetch the network topology
and encryption keys from a FireWall-1 Management Console
-
When installing a policy, the management console uses this port to push
the policy to the remote firewall module.
-
TCP Port 257 is used by a remote firewall module to send logs to
a management console.
-
TCP Port 258 is used by the fwpolicy remote GUI.
-
TCP Port 259 is used for Client Authentication.
-
UDP Port 259 is used in FWZ encryption to manage the encrypted session
(SecuRemote and FireWall-1 to FireWall-1 VPNs).
-
UDP Port 260 and UDP Port 161 are used for the SNMP daemon that
Check Point FireWall-1 provides.
-
TCP Port 264 is used for Secure Client (SecuRemote) build 4100 and
later to fetch network topology and encryption keys from a FireWall-1 Management
Console
-
TCP port 265, according to my 4.1SP1 objects.C, is labeled "Check
Point VPN-1 Public Key Transfer Protocol." I'm guessing this is used by
FireWall-1 to exchange public keys with other hosts.
-
UDP Port 500 is used for ISAKMP key exchange between firewalls or
between a firewall and a host running Secure Client.
-
TCP Port 900 is used by FireWall-1's HTTP Client Authentication
mechanism.
-
TCP Ports above 1024 are generally used by whichever Security Servers are
active. The actual ports used by these servers will vary from installation
to installation.
-
UDP Port 2746 is used for UDP Encapsulation Mode.
-
TCP Port 18181 is used for CVP (Content Vectoring Protocol, for
anti-virus scanning).
-
TCP Port 18182 is used for UFP (URL Filtering Protocol, for WebSense
and the like).
-
TCP Port 18183 is used for SAM (Suspicious Activity Monitoring,
for intrusion detection).
-
TCP Port 18184 is used for the Log Export API (LEA).
-
TCP Port 18207 is used to log onto the Policy Server for Secure
Client.
-
TCP Port 18208 is used for Check Point's Remote Installation Daemon.
-
TCP Port 19090 is used for the User Authority simple protocol.
-
TCP Port 19191 is used for User Authentication API.
Note that access to ports 256, 257, 258, and 260 is generally permitted
through the Policy Properties. To disable access to these ports, see the
following FAQ: How Can I Disable Everything in Rulebase
Properties? Any of the authentication-related services listed above
can be disabled by commenting out the appropriate entries in $FWDIR/conf/fwauthd.conf.
The sam and lea ports can be disabled by commenting out the appropriate
lines in $FWDIR/conf/fwopsec.conf.
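As an added example (not code from this FAQ or from Check Point), the following Python script turns the list above into an audit: it runs a TCP connect() probe against every TCP port in the list and labels whatever it finds open with the service the FAQ attributes to that port, flagging 256, 257 and 258 (the control connections the Policy Properties normally let through) as the ones to look at first. The UDP ports (161, 259, 260, 500, 2746) are deliberately left out, since a silent UDP probe proves nothing. The function names probe_tcp, classify, audit and listen_ephemeral, the severity tiers, and the offline demo listener are this example's own; run it only against a firewall you are authorised to test.

```python
"""Probe a host for the FireWall-1 TCP control ports listed in this FAQ.

Added example, not part of the FAQ or of FireWall-1: a connect() scan of the
TCP ports above, each open port labelled with the service this page
attributes to it.  UDP ports are not probed (an unanswered UDP datagram
does not tell you whether the port is open).
"""
import socket
import sys
from typing import Dict, Iterable, List, Tuple

# TCP ports and the service the FAQ attributes to each one.
FW1_TCP_SERVICES: Dict[int, str] = {
    256: "key exchange / SecuRemote <= build 4005 topology / policy install",
    257: "remote module -> management console logging",
    258: "fwpolicy remote GUI",
    259: "Client Authentication",
    264: "SecureClient build 4100+ topology and key download",
    265: "VPN-1 Public Key Transfer Protocol",
    900: "HTTP Client Authentication",
    18181: "CVP (Content Vectoring Protocol)",
    18182: "UFP (URL Filtering Protocol)",
    18183: "SAM (Suspicious Activity Monitoring)",
    18184: "LEA (Log Export API)",
    18207: "Policy Server logon (SecureClient)",
    18208: "Remote Installation Daemon",
    19090: "User Authority simple protocol",
    19191: "User Authentication API",
}

# TCP ports the FAQ says the Policy Properties normally permit by default;
# seeing these open from an untrusted network is the finding that matters.
# (260 is also in that group but is UDP, so it is not probed here.)
DEFAULT_PERMITTED_TCP = {256, 257, 258}


def probe_tcp(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, bool]:
    """Return {port: True if a TCP connect() completed, False otherwise}."""
    results: Dict[int, bool] = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            # connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED)
            # otherwise; anything non-zero, or an exception, counts as not open.
            results[port] = sock.connect_ex((host, port)) == 0
        except OSError:
            results[port] = False
        finally:
            sock.close()
    return results


def classify(probe: Dict[int, bool]) -> List[Tuple[int, str, str]]:
    """Turn probe results into (port, service, severity) findings for the open ports."""
    findings: List[Tuple[int, str, str]] = []
    for port in sorted(p for p, is_open in probe.items() if is_open):
        service = FW1_TCP_SERVICES.get(port, "not a FireWall-1 port listed in this FAQ")
        if port in DEFAULT_PERMITTED_TCP:
            severity = "HIGH"    # control channel reachable; check the Policy Properties
        elif port in FW1_TCP_SERVICES:
            severity = "MEDIUM"  # auth / OPSEC service; confirm it is meant to be exposed
        else:
            severity = "INFO"
        findings.append((port, service, severity))
    return findings


def listen_ephemeral(host: str = "127.0.0.1") -> socket.socket:
    """Open a listening TCP socket on an OS-chosen port (used by the offline demo)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def audit(host: str, timeout: float = 1.0) -> List[Tuple[int, str, str]]:
    """Probe every FireWall-1 TCP port from the FAQ on host and classify the open ones."""
    return classify(probe_tcp(host, FW1_TCP_SERVICES, timeout))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. the outside address of a firewall you are authorised to test
        report = audit(sys.argv[1])
    else:
        # Offline demo: stand up a local listener and probe it next to the
        # control ports, which are closed on an ordinary workstation.
        srv = listen_ephemeral()
        demo_port = srv.getsockname()[1]
        report = classify(probe_tcp("127.0.0.1", [demo_port, 256, 257, 258]))
        srv.close()
    for port, service, severity in report:
        print(f"{severity:6} tcp/{port:<5} {service}")
```

A HIGH finding from outside the firewall means the control connections the FAQ describes (policy push, log transfer, the fwpolicy GUI) are reachable from that network; the fix is the Policy Properties change referred to above, while MEDIUM findings point at the fwauthd.conf and fwopsec.conf entries.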
2002-Nov-24 18:20 dwelchATphoneboyDOTcom |