CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1, posted 2005-08-14 by roadrunner (Senior Member)

Ports used by FireWall-1 NG
FireWall-1 uses many ports for communication. The following list explains the ports that FireWall-1 uses:


TCP Port 256 is used for three important things:
  - Exchange of CA and DH keys in FWZ and SKIP encryption between two FireWall-1 Management Consoles.
  - SecuRemote build 4005 and earlier uses this port to fetch the network topology and encryption keys from a FireWall-1 Management Console.
  - When installing a policy, the management console uses this port to push the policy to the remote firewall.
TCP Port 257 is used by a remote firewall module to send logs to a management console.
TCP Port 259 is used for Client Authentication.
UDP Port 260 and UDP Port 161 are used for the SNMP daemon that Check Point FireWall-1 provides.
TCP Port 264 is used for SecureClient (SecuRemote) build 4100 and later to fetch network topology and encryption keys from a FireWall-1 Management Console.
TCP port 265, according to my 4.1SP1 objects.C, is labeled "Check Point VPN-1 Public Key Transfer Protocol." I'm guessing this is used by FireWall-1 to exchange public keys with other hosts.
UDP Port 500 is used for ISAKMP key exchange between firewalls or between a firewall and a host running SecureClient.
TCP Port 900 is used by FireWall-1's HTTP Client Authentication mechanism.
TCP Ports above 1024 are generally any Security Servers that are active. The actual ports used by these servers will vary.
UDP Port 2746 is used for UDP Encapsulation Mode.
TCP Port 18181 is used for CVP (Content Vectoring Protocol, for anti-virus scanning).
TCP Port 18182 is used for UFP (URL Filtering Protocol, for WebSense and the like).
TCP Port 18183 is used for SAM (Suspicious Activity Monitoring, for intrusion detection).
TCP Port 18184 is used for Log Export API (lea).
TCP Port 18207 is used to log onto the Policy Server for SecureClient.
TCP Port 18208 is used for Check Point's Remote Installation Daemon.
TCP Port 18190 is used by the Policy Editor/Smart Dashboard GUI.
TCP Port 18191 is used to push the security policy from the management station to the firewall module.
TCP Port 18192 is used to remotely monitor applications running on firewall modules (e.g. fwd).
TCP Port 19090 User Authority simple protocol
TCP Port 19191 is used for User Authentication API.
Note that access to ports 256, 257, 258, and 260 is generally permitted through the Policy Properties. To disable access to these ports, see the following FAQ: How can I disable everything in the rulebase properties in FireWall-1 NG? Any of the authentication-related services listed above can be disabled by commenting out the appropriate entries in $FWDIR/conf/fwauthd.conf. The sam and lea ports can be disabled by commenting out the appropriate lines in $FWDIR/conf/fwopsec.conf.

-- GuyR - 18 Jan 2004
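
An added example, not part of the original post and not Check Point code: a short Python audit that scans `netstat -an` output for listeners on the ports listed above and marks the ones the post says are generally permitted through the Policy Properties. The Linux-style column layout is an assumption, and the sample lines and addresses are constructed.

```python
import re

# Subset of the port table in the post above: (protocol, port) -> purpose.
FW1_PORTS = {
    ("tcp", 256): "key exchange / topology fetch / policy push",
    ("tcp", 257): "logs from firewall module to management console",
    ("tcp", 259): "Client Authentication",
    ("udp", 260): "SNMP daemon",
    ("tcp", 264): "SecureClient topology fetch",
    ("udp", 500): "ISAKMP key exchange",
    ("tcp", 18183): "SAM",
    ("tcp", 18184): "LEA",
    ("tcp", 18190): "Policy Editor / SmartDashboard GUI",
    ("tcp", 18191): "policy push to firewall module",
}
# Ports the post says are generally permitted through the Policy Properties.
IMPLIED = {256, 257, 258, 260}

# Assumed layout: proto recv-q send-q local-addr:port foreign-addr [state]
LINE = re.compile(r"^(tcp|udp)\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?")

SAMPLE = """\
tcp   0  0 0.0.0.0:256       0.0.0.0:*        LISTEN
tcp   0  0 127.0.0.1:18190   0.0.0.0:*        LISTEN
tcp   0  0 192.0.2.10:18191  0.0.0.0:*        LISTEN
tcp   0  0 192.0.2.10:257    192.0.2.20:40112 ESTABLISHED
tcp   0  0 0.0.0.0:22        0.0.0.0:*        LISTEN
udp   0  0 0.0.0.0:500       0.0.0.0:*
"""  # constructed sample, not captured from a real system

def audit(netstat_text):
    """Return (proto, port, addr, purpose, implied) for FireWall-1 ports bound off-loopback."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if proto == "tcp" and state != "LISTEN":
            continue  # established sessions are not listeners
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only listeners are not reachable remotely
        purpose = FW1_PORTS.get((proto, port))
        if purpose:
            findings.append((proto, port, addr, purpose, port in IMPLIED))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding with the last field set to True is one to compare against the Policy Properties settings rather than the explicit rulebase.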

