| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
What is meant by protocol 50? Is it UDP or TCP? Does it use port 50? How do I create it? Thanks.

The following is the suggested solution found in Check Point, but I have the above question, which is related to this solution.

Solution ID: sk13187
Ports and IP protocol numbers needed to be opened on a non-VPN gateway to enable SecuRemote/SecureClient traffic
Product: VPN-1 Pro (VPN-1/FW-1)
Version: NG, NG AI, NGX
Last Modified: 26-Sep-2007

Solution

Here is the list of ports and IP Protocol numbers that need to be open:

- protocol 50 for ESP
- UDP 2746 for UDP Encapsulation
- UDP 500 for IKE
- TCP 500 for IKE over TCP
- TCP 18231 for Policy Server logon when the client is inside the network
- UDP 18233 for Keepalive protocol when the client is inside the network
- TCP 18232 for Distribution Server when the client is inside the network (Version NG)
- TCP 264 for topology download
- UDP 259 for MEP configuration
- UDP 18234 for performing tunnel test when the client is inside the network
- UDP 4500 for IKE and IPSEC (NAT-T)
- TCP 18264 for ICA certificate registration

Note: MEP's UDP RDP packets are not encrypted, and only test the availability of a peer gateway. RDP (UDP port 259) connections to gateways are allowed by the "Accept FireWall-1 Control Connections" property.

Related Solution sk17745: What services are allowed by the "Accept FireWall-1 Control Connections" property
Protocol 50 is already defined on the Check Point, as ESP. It's at the same level as TCP, UDP, ICMP (which also have their protocol numbers). This is used on VPNs and usually you will want a rule allowing ESP between all the VPN gateways. This is part of the implied rules and doesn't need to be created, unless you disable them.