CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: Seeking explanation of high ports listening:

  1. #1

    Seeking explanation of high ports listening:

    Hey all,

    A customer has to show all listening ports on their firewall, and netstat -an reveals several (approx. 20) ports > 50000 listening (i.e. on all addresses) on their box. I thought maybe it was for NAT or something along those lines, but when I checked my VM SPLAT, after installing a super basic policy ensuring no NATing/VPN was enabled, I found close to the same number of high ports listening on it. Adding the -p tag showed they all (with the exception of one) were opened by fwd; therefore, a cpstop closed them. Anyone know why Check Point's firewall uses these high ports?

    Policy properly blocks access to them; thus the need for the stealth rule, but customer still needs to explain the listening ports...

  2. #2

    Re: Seeking explanation of high ports listening:

  3. #3

    Re: Seeking explanation of high ports listening:

    Thank you,

    I actually ran across those in my initial research and saw the two > 50000 ports on the list, but that doesn't explain the rest of the 20 of them... Hmm... I suppose they are for various management functionalities as well, and CP hasn't been forthcoming with my direct inquiry to them. I guess it's one of those things where, unless you develop for CP, you'll never know. I provided what I could to the customer, and emphasized the need for a stealth rule and defining guiclients because of this, and that seemed to satisfy his inquiry.

  4. #4

    Re: Seeking explanation of high ports listening:

    Assuming the use of SecurePlatform, 'netstat -lnp' does not show all the listening ports.

    Many 'listeners' are in the kernel module, and as far as I know, cannot be discovered without a port scan. Some can be gleaned from $FWDIR/conf/fwauthd.conf.
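One way to build the inventory the customer in post #1 needs, and to catch the gap post #4 describes (ports open on the wire that 'netstat -lnp' does not report, because the listener lives in the kernel module), is to parse the netstat output for high-port listeners and their owning process, then diff it against the ports an authorised scan of the same host returned. The script below is an added example, not code from either poster or from Check Point; the netstat and scan samples are constructed, and the PIDs, ports and process names in them are assumptions, not values from a real gateway.

```shell
#!/bin/sh
# Constructed sample of `netstat -lnp` output (fictional PIDs and ports).
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:18264           0.0.0.0:*               LISTEN      1234/fwd
tcp        0      0 0.0.0.0:50100           0.0.0.0:*               LISTEN      1234/fwd
tcp        0      0 0.0.0.0:50101           0.0.0.0:*               LISTEN      1234/fwd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      987/sshd
tcp        0      0 127.0.0.1:50200         0.0.0.0:*               LISTEN      4321/cpd
udp        0      0 0.0.0.0:500             0.0.0.0:*                           2222/vpnd'

# Constructed list of TCP ports an authorised external scan of the same host
# reported as open; 50300 has no netstat owner, standing in for a kernel listener.
SCAN_SAMPLE='22
18264
50100
50101
50300'

# high_listeners THRESHOLD: read netstat output on stdin and print
# "port process bind_address" for every tcp/udp listener above THRESHOLD.
high_listeners() {
  awk -v min="$1" '
    $1 ~ /^(tcp|udp)/ {
      n = split($4, a, ":"); port = a[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (port + 0 > min + 0) {
        prog = $NF; sub(/^[0-9]+\//, "", prog)   # strip the "PID/" prefix
        print port, prog, addr
      }
    }'
}

# undocumented_ports NETSTAT_TEXT SCAN_TEXT: print scanned TCP ports that
# netstat did not list; these are the ones to explain via the kernel module
# or $FWDIR/conf/fwauthd.conf rather than via a userland process.
undocumented_ports() {
  known=$(printf '%s\n' "$1" | awk '$1 ~ /^tcp/ { n = split($4, a, ":"); print a[n] }' | sort -un | tr '\n' ' ')
  printf '%s\n' "$2" | awk -v known="$known" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) seen[k[i]] = 1 }
    /^[0-9]+$/ && !seen[$1] { print $1 }'
}

echo "Listeners above 50000 reported by netstat (port process bind_address):"
printf '%s\n' "$NETSTAT_SAMPLE" | high_listeners 50000
echo "Scanned-open ports with no netstat owner:"
undocumented_ports "$NETSTAT_SAMPLE" "$SCAN_SAMPLE"
```

On a real box, replace the constructed samples with `netstat -lnp | high_listeners 50000` and a saved port list from the scan; anything that lands in the second list is exactly what the customer's report has to attribute to the firewall kernel rather than to fwd.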
