CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: Seeking explanation of high ports listening:

  #1  Seeking explanation of high ports listening:

    Hey all,

    A customer has to show all listening ports on their firewall, and netstat -an reveals several (approx. 20) ports > 50000 listening (i.e. on all addresses) on their box. I thought maybe it was for NAT or something along those lines, but when I checked my VM SPLAT, after installing a super basic policy ensuring no NATing/VPN was enabled, I found close to the same number of high ports listening on it. Adding the -p tag showed they all (with the exception of one) were opened by fwd; therefore, a cpstop closed them. Anyone know why Check Point's firewall uses these high ports?

    The policy properly blocks access to them (hence the need for the stealth rule), but the customer still needs to explain the listening ports...

  #2  Re: Seeking explanation of high ports listening:

  #3  Re: Seeking explanation of high ports listening:

    Thank you,

    I actually ran across those in my initial research and saw the two > 50000 ports on the list, but that doesn't explain the rest of the 20 of them... Hmm... I suppose they are for various management functionalities as well, and CP hasn't been forthcoming with my direct inquiry to them. I guess it's one of those things where, unless you develop for CP, you'll never know. I provided what I could to the customer and emphasized the need for a stealth rule and for defining GUI clients because of this, and that seemed to satisfy his inquiry.

  #4  Re: Seeking explanation of high ports listening: (United States, Southeast)

    Assuming the use of SecurePlatform, 'netstat -lnp' does not show all the listening ports.

    Many 'listeners' are in the kernel module, and as far as I know, cannot be discovered without a port scan. Some can be gleaned from $FWDIR/conf/fwauthd.conf.
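The point made in post #4, that netstat -lnp only lists user-space listeners while listeners living in the kernel module only show up to a port scan, can be checked by diffing the two views. The script below is an added example, not code from this thread or from Check Point. Both inputs are constructed sample output standing in for `netstat -lnp` run on the gateway and `nmap -p- -oG -` run from a host the rulebase allows in; the port numbers, PIDs and the 192.0.2.10 address are made up for illustration. It also reproduces the `-p` check from post #1 (high ports with their owning process).

```shell
#!/bin/sh
# Added example, not from the thread or from Check Point. Compares the
# listeners netstat reports with what an external port scan sees, to surface
# ports that answer on the wire but have no user-space process behind them
# (listeners implemented in the kernel module, as post #4 describes).
#
# Both inputs are CONSTRUCTED sample output; ports, PIDs and the 192.0.2.10
# address are illustrative, not captured from a real gateway.

# Constructed excerpt of `netstat -lnp` on the gateway.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      987/sshd
tcp        0      0 0.0.0.0:18264           0.0.0.0:*               LISTEN      1234/fwd
tcp        0      0 0.0.0.0:51234           0.0.0.0:*               LISTEN      1234/fwd
tcp        0      0 0.0.0.0:55001           0.0.0.0:*               LISTEN      1234/fwd
tcp        0      0 127.0.0.1:55002         0.0.0.0:*               LISTEN      1234/fwd'

# Constructed excerpt of `nmap -p- -oG - 192.0.2.10` run from a host the
# rulebase allows to reach the gateway (real grepable output is tab-separated;
# the parser below accepts tabs, spaces and commas).
NMAP_SAMPLE='# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()  Ports: 22/open/tcp//ssh///, 264/open/tcp//bgmp///, 18264/open/tcp///, 51234/open/tcp///, 55001/open/tcp///, 57000/open/tcp///  Ignored State: filtered (65529)
# Nmap done'

# TCP ports netstat shows in LISTEN state, one per line, numerically sorted.
netstat_listeners() {
    printf '%s\n' "$NETSTAT_SAMPLE" |
        awk '$1 == "tcp" && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -n -u
}

# The check from post #1: listeners above 50000 with their owning PID/program.
high_port_owners() {
    printf '%s\n' "$NETSTAT_SAMPLE" |
        awk '$1 == "tcp" && $6 == "LISTEN" {
            n = split($4, a, ":"); port = a[n] + 0
            if (port > 50000) print port, $7
        }'
}

# TCP ports the external scan reports open, one per line, numerically sorted.
scan_open_ports() {
    printf '%s\n' "$NMAP_SAMPLE" |
        awk '/^Host:/ {
            n = split($0, f, /[ \t,]+/)          # tokens like 22/open/tcp//ssh///
            for (i = 1; i <= n; i++) {
                m = split(f[i], p, "/")
                if (m >= 3 && p[2] == "open" && p[3] == "tcp") print p[1]
            }
        }' |
        sort -n -u
}

# Open on the wire but absent from netstat: kernel-module listener candidates.
hidden_listeners() {
    { netstat_listeners | sed 's/^/N /'; scan_open_ports | sed 's/^/S /'; } |
        awk '$1 == "N" { seen[$2] = 1 }
             $1 == "S" && !($2 in seen) { print $2 }'
}

# In netstat but not open to the scanner: loopback-only listeners, or ports the
# policy (stealth rule, GUI clients definition) is dropping for that source.
unreachable_listeners() {
    { scan_open_ports | sed 's/^/S /'; netstat_listeners | sed 's/^/N /'; } |
        awk '$1 == "S" { seen[$2] = 1 }
             $1 == "N" && !($2 in seen) { print $2 }'
}

echo "High ports owned by a process (netstat -lnp):"; high_port_owners
echo "Open to the scanner but not in netstat (kernel-module listeners?):"; hidden_listeners
echo "In netstat but not open to the scanner (policy or loopback-only):"; unreachable_listeners
```

Run the scan from a source the policy actually admits (a defined GUI client or the management server); from any other host the stealth rule drops everything and the diff only tells you the rulebase works, not what the box is listening on. Expect the "in netstat but not open" set to include anything bound to 127.0.0.1 as well as the ports the policy blocks.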
