Network ports used by Check Point

This article lists the ports used by Check Point software.

*Note: in addition to the ports listed here, Check Point software also uses the well-known TCP ports for FTP (20 and 21), SMTP (25), HTTP (80) and HTTPS (443), as well as several UDP ports.

Contents:
• Security Management
• Firewall
• Infrastructure
• IPsec VPN / SecuRemote / SecureClient
• Endpoint Security
• Anti-Virus
• URL Filtering
• Identity Awareness
• Data Loss Prevention (DLP)
• Threat Emulation
• Anti-Spam
• Mobile Access
• Clustering
• Eventia Analyzer / Reporting
• UTM-1 Edge
• Related solutions

Protocol  Port number  Service name and comment  Purpose
Security Management
TCP 258 ‘FW1_mgmt’ — Check Point Security Management (Version 4.x) Communication between SmartConsole applications and Security Management Server (by FWM daemon)
TCP 8989 not predefined Loopback port (used by CPD process). Used only on Provider-1 Customer Management Add-on (CMA) / Domain Management Server for Session Authentication — CAPS Messaging (MSG_DEFAULT_PORT)
TCP 18184 ‘FW1_lea’ — Check Point OPSEC Log Export API Exporting FireWall logs by OPSEC products from Security Management Server (by FWD daemon)
TCP 18185 ‘FW1_omi’ — Check Point OPSEC Objects Management Interface Protocol used by applications having access to the ruleset saved on Security Management Server
TCP 18186 ‘FW1_omi-sic’ — Check Point OPSEC Objects Management Interface with Secure Internal Communication (SIC) Secure Internal Communication (SIC) between OPSEC certified products and Security Gateway
TCP 18187 ‘FW1_ela’ — Check Point OPSEC Event Logging API Sending FireWall logs by OPSEC products to Security Management Server (to FWD daemon)
TCP 18190 ‘CPMI’ — Check Point Management Interface Used by the FireWall Management process (FWM) to listen for Management Clients attempting to connect to the management module:

  • Protocol used for Communication between the SmartConsole and the Security Management Server
  • Protocol for connections from Multi-Domain GUI to MDS and CMA / Domain
TCP 18202 ‘CP_rtm’ — Check Point Real Time Monitoring Loopback port (used by RTM process). SmartView Monitor
TCP 18209 not predefined SIC communication (status, issue, revoke) between the Security Management Server (the Internal Certificate Authority (ICA)) and objects managed by this Security Management Server (Security Gateways, OPSEC applications, etc.) (by FWM daemon)
TCP 18210 ‘FW1_ica_pull’ — Check Point Internal CA Pull Certificate Service Pulling certificates by Security Gateway from Security Management Server (ICA_PULL, FWCA_PULL_PORT) (by CPCA daemon)
TCP 18211 ‘FW1_ica_push’ — Check Point Internal CA Push Certificate Service Pushing certificates from the Internal Certificate Authority (ICA) on Security Management Server (by CPD daemon) to Security Gateway
TCP 18221 ‘CP_redundant’ — Check Point Redundant Management Protocol Synchronization between Primary and Secondary Security Management Servers / Customer Management Add-ons (CMAs) / Domain Management Servers (by FWM daemon)
TCP 18241 ‘E2ECP’ — Check Point End to End Control Protocol Loopback port (used by RTM process). Checking SLA’s defined in Virtual Links by SmartView Monitor
TCP 18265 ‘FW1_ica_mgmt_tools’ — Check Point Internal CA Management Tools
  • Managing the ICA and central administration of Internal Certificate Authority (ICA) on the Security Management Server
  • Not listening by default: the ICA Management Tool must be started separately on the Security Management Server with cpca_client (cpca_client set_mgmt_tool on), and should be switched off again when not in use
Firewall
TCP 256 ‘FW1’ — Check Point Security Gateway Service Policy installation from Security Management Server to Security Gateway in Version 4.x; Full Synchronization between ClusterXL cluster members (by FWD daemon)
TCP 257 ‘FW1_log’ — Check Point Security Gateway Logs Sending logs from Security Gateway to Security Management Server / Log Server (by FWD daemon)
TCP 259 ‘FW1_clntauth_telnet’ — Check Point Security Gateway Client Authentication (Telnet) Users authenticate to the Security Gateway over Telnet (by IN.ACLIENTD daemon)
UDP 260 ‘FW1_snmp’ — Check Point Security Gateway SNMP Agent Legacy Check Point SNMP daemon on the Security Gateway
TCP 261 ‘FW1_snauth’ — Check Point Security Gateway Session Authentication Security Gateway (IN.ASESSIOND daemon) connects to the Session Authentication Agent running on the user's host
TCP 262 not predefined
TCP 900 ‘FW1_clntauth_http’ — Check Point Security Gateway Client Authentication (HTTP) Users authenticate to the Security Gateway over HTTP (by IN.AHCLIENTD daemon)
TCP 4532 not predefined
UDP 5004 ‘MetaIP-UAT’ — Check Point Meta IP UAM Client-Server Communication
TCP 18183 ‘FW1_sam’ — Check Point OPSEC Suspicious Activity Monitor API OPSEC applications send SAM requests (block / unblock of connections) to the Security Gateway (by FWD daemon)
UDP 18212 ‘FW1_load_agent’ — Check Point ConnectControl Load Agent Security Gateway queries the load-measuring agent on the servers of a ConnectControl logical server group
TCP 19190 ‘FW1_netso’ — Check Point User Authority simple protocol
TCP 19191 ‘FW1_uaa’ — Check Point OPSEC User Authority API
UDP 19194 & 19195 ‘CP_SecureAgent-udp’ — SecureAgent Authentication service
Infrastructure
TCP 1129 not predefined Synchronization between members of a Gaia Cloning Group
TCP 2024 not predefined Used internally on 61000/41000 Data Center Security Appliances for copying of SSM firmware file to SSM
TCP 4434 not predefined Gaia Portal / SecurePlatform WebUI on Check Point Appliances
TCP 18191 ‘CPD’ — Check Point Daemon (CPD)
  • Installing of rulebase from Security Management Server / Customer Management Add-on (CMA) / Domain Management Server to Security Gateway
  • Fetching rulebase by Security Gateway (during start) from Security Management Server / Customer Management Add-on (CMA) / Domain Management Server
  • Certificate revocation
TCP 18192 ‘CPD_amon’ — Check Point Internal Application Monitoring Getting System Status from Check Point products (Security Gateway / Security Management Server / etc.) (by CPD daemon)
TCP 18193 ‘FW1_amon’ — Check Point OPSEC Application Monitoring Getting System Status from OPSEC products (by CPD daemon)
TCP 18208 ‘FW1_CPRID’ — Check Point Remote Installation Protocol Remote Installation of packages from Security Management Server / Customer Management Add-on (CMA) / Domain Management Server to Security Gateway (SmartUpdate) (by CPRID daemon)
TCP 18262 ‘CP_Exnet_PK’ — Check Point Extranet public key resolution Exchange of public keys when configuring Extranet (not supported since NG AI R55)
UDP 18263 ‘CP_Exnet_resolve’ — Check Point Extranet remote objects resolution Importing exported objects from partner in Extranet (not supported since NG AI R55)
TCP 18264 ‘FW1_ica_services’ — Check Point Internal CA Fetch CRL and User Registration Services Protocol for Certificate Revocation Lists and registering users when using the Policy Server (needed when, e.g., Security Gateway is starting).
Refer to sk35292
TCP 18300 ‘UserCheck’ — Check Point Daemon Protocol Policy-driven user interaction for Application Control, URL Filtering, DLP (by USRCHKD daemon)
TCP 20000 not predefined Used internally on 61000/41000 Data Center Security Appliances on the SSM during the firmware upgrade
TCP 60706 not predefined Loopback port (used by CPWMD process). The back-end for web user interface on SecurePlatform OS (Check Point Web Management)
UDP 60709 not predefined Loopback port (used by CPWMD process). The back-end for web user interface on SecurePlatform OS (Check Point Web Management)
IPsec VPN / SecuRemote / SecureClient
UDP 259 ‘RDP’ — Check Point Security Gateway FWZ Key Negotiations. Note: proprietary Check Point “Reliable Data Protocol”; it does not comply with RDP as specified in RFC 908 / RFC 1151
  • FWZ VPN (supported up to NG FP1 version only)
  • SecuRemote/SecureClient checks the availability of the Security Gateway/Desktop Policy Server
  • When more than one IP address is available on a Security Gateway for VPN, RDP probing method is used to determine which VPN link will be used between Check Point VPN Gateways (by VPND daemon)
TCP 264 ‘FW1_topo’ — Check Point Security Gateway SecuRemote Topology Requests Topology Download from Security Gateway (by FWD daemon) to SecuRemote (build 4100 and higher) and SecureClient
TCP 265 ‘FW1_key’ — Check Point Security Gateway Public Key Transfer Protocol
  • Exchanging CA-keys and DH-keys between management servers (SKIP, FWZ(4.x)) (by FWD daemon)
  • Public Key download from Security Gateway (by FWD daemon) to SecuRemote/SecureClient
TCP 444 ‘CP_SSL_Network_Extender’ — SSL Network Extender port
  • SSL Network Extender (SNX)
  • Remote Access Client configuration
  • Visitor Mode

(by VPND daemon)

UDP 500 ‘IKE’ — IPSEC Internet Key Exchange Protocol (formerly ISAKMP/Oakley) IKE negotiation over UDP (by VPND daemon)
TCP 500 ‘IKE_tcp’ — IPSEC Internet Key Exchange Protocol over TCP IKE negotiation over TCP (by VPND daemon)
UDP 2746 ‘VPN1_IPSEC_encapsulation’ — Check Point Security Gateway SecuRemote IPSEC Encapsulation Protocol UDP encapsulation
UDP 4500 ‘IKE_NAT_TRAVERSAL’ — NAT Traversal (NAT-T) Protocol NAT Traversal adds a UDP header, which encapsulates the IPSec ESP header (by VPND daemon)
TCP 18207 ‘FW1_pslogon’ — Check Point Policy Server Logon protocol Logon of SecureClient to the Policy Server and download of the Desktop Security policy in Version 4.x (NG versions use FW1_pslogon_NG, TCP 18231)
TCP 18231 ‘FW1_pslogon_NG’ — Check Point NG Policy Server Logon protocol Installing of Desktop Security policy from the Policy Server (DTPSD daemon) to SecureClient
TCP 18232 ‘FW1_sds_logon’ — Check Point SecuRemote Distribution Server Protocol Software distribution of Check Point components
UDP 18233 ‘FW1_scv_keep_alive’ — Check Point SecureClient Verification Keepalive Protocol Secure Configuration Verification on SecureClient
UDP 18234 ‘tunnel_test’ — Check Point tunnel testing application Testing ICA through VPN by SecuRemote/SecureClient
TCP 65524 ‘FW1_sds_logon_NG’ — SecuRemote Distribution Server Protocol (VC and higher) Software distribution of Check Point components in NG versions
Internet Protocol 17 ‘tunnel_test_mapped’ — Tunnel testing for a module performing the tunnel test VPN tunnel testing for a module performing the tunnel test
Internet Protocol 50 ‘ESP’ — IPSEC Encapsulating Security Payload Protocol Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. In IPsec it provides origin authenticity, integrity and confidentiality protection of packets
Internet Protocol 94 FW1_Encapsulation — Check Point Security Gateway SecuRemote FWZ Encapsulation Protocol Encryption scheme for SecuRemote
Endpoint Security
TCP 80 not predefined Client —> Policy Server communication (over HTTP):
Policy download, Anti-Malware updates, Client package, Application Control
TCP 80 not predefined Client —> Policy Server communication (encrypted ESP):
Sync request, heartbeat, log upload
TCP 81 not predefined Used on Endpoint Security Management Server for CPTNL proxy —> Apache communication
TCP 443 not predefined Client —> Policy Server and Policy Server -> Endpoint Management Server communication (over HTTPS):
Endpoint registration, new internal communication encryption key retrieval
TCP 443 not predefined Client —> Policy Server and Policy Server -> Endpoint Management Server communication (encrypted ESP):
FDE Recovery Data Upload, FDE User Acquisition & User Credentials, Media Encryption & Port Protection Key Exchange
TCP 1080 not predefined Used by CPTNL client SOCKS proxy on Policy Server
TCP 1081 not predefined Used by CPTNL client SOCKS proxy on Policy Server
TCP 6666 not predefined Used on Endpoint Security Management Server
TCP 8005 not predefined Loopback port (used by EPM process). Apache Tomcat server on Endpoint Security Management Server
TCP 8009 not predefined Loopback port (used by EPM process). Apache <—> Apache Tomcat AJP on Endpoint Security Management Server
TCP 8080 not predefined Loopback port (used by EPM process). Endpoint Security Management Server and Directory Scanner —> Apache Tomcat HTTP on Endpoint Security Management Server
TCP 8443 not predefined Used by Apache Tomcat HTTP on Endpoint Security Management Server
TCP 18190 not predefined SmartEndpoint / EndpointManagement Console —> Endpoint Security Management Server communication (over SIC)
TCP 18193 not predefined Endpoint Policy Server —> Endpoint Security Management Server communication (used by CPTNL server SOCKS proxy on Endpoint Policy Server)
TCP 18221 not predefined Endpoint Security Management Server <—> Secondary Endpoint Security Management Server communication (over SIC)
TCP 18272 not predefined Used by PostgreSQL on Endpoint Management Server
TCP 31415 not predefined For Primary Endpoint Management Server <—> Secondary Endpoint Management Server and Endpoint Management Server <—> Web Remote Help server communications only when synchronization method is automatic online (starting from R77.20)
TCP 61616 not predefined Loopback port (used by EPM process). Apache ActiveMQ (AMQ) access on Endpoint Security Management Server
Anti-Virus
TCP 12873 ‘ci_http_server’ — Image server for Anti-Virus block page Server that sends images of the Anti-Virus block page block page returned to the user
TCP 18181 ‘FW1_cvp’ — Check Point OPSEC Content Vectoring Protocol Encrypted Protocol for Communication between Security Gateway and OPSEC Anti-Virus Server
URL Filtering
TCP 18182 ‘FW1_ufp’ — Check Point OPSEC URL Filtering Protocol Encrypted Protocol for Communication between Security Gateway and OPSEC Server for Content Control (e.g. Web Content)
Identity Awareness
TCP 15105 ‘identity_control_port’ — Identity Control Blade Identity control sync to LDAP servers (AD controllers) and identity sharing in Identity Awareness
TCP 17000 not predefined Identity Propagation from 3rd party identity providers (over SIC)
TCP 28581 not predefined Identity Awareness: identity sharing between Security Gateways (PDP to PEP communication)
Data Loss Prevention (DLP)
TCP 18301 CheckPointExchangeAgent Communication between DLP Software Blade on Security Gateway and Check Point Exchange Agent running on Microsoft Exchange Server
Threat Emulation
TCP 18194 not predefined Used by Threat Emulation daemon engine, responsible for emulating files and communication with the cloud — communication with the sending Security Gateway when running Threat Emulation as a remote emulator (by TED daemon)
TCP 30580 not predefined Loopback port (used by TED process). Communication with files sent via the DLPU process
Anti-Spam
TCP 7087 not predefined Loopback port (used by EMAILD / MSD / CTASD / CTIPD processes)
Mobile Access
TCP 301 not predefined
TCP 401 not predefined
TCP 443 ‘https’ — HTTP protocol over TLS/SSL Mobile Access Portal: HTTPS connections from remote users (browser, SSL Network Extender, mobile clients) to the Mobile Access Security Gateway
TCP 5432 ‘PostgreSQL’ — PostgreSQL database server Database used by the Mobile Access Software Blade
TCP 8880 ‘HTTP_and_HTTPS_proxy’ — HTTP and HTTPS proxy
TCP 9876 not predefined
TCP 9998 not predefined
Clustering
UDP 8116 not predefined — Cluster Control Protocol (CCP) Communication between Check Point cluster members (Health Checks and State Synchronization)
Internet Protocol 112 ‘vrrp’ — Virtual Router Redundancy Protocol High Availability for Check Point cluster running on IPSO OS / Gaia OS
Eventia Analyzer / Reporting
TCP 18205 ‘CP_reporting’ — Check Point Reporting Client Protocol Communication between Reporting Client (GUI) and Reporting Server (Security Management Server). Reporting Server listens on this port
TCP 18266 ‘CP_seam’ — Check Point Eventia Analyzer Server Protocol Communication with Eventia Analyzer Server
UTM-1 Edge
TCP 981 ‘EDGE’ — UTM-1 Edge Portal Connection to UTM-1 Edge Web GUI when connecting via WAN port
UDP 9281 ‘SWTP_Gateway’ — VPN-1 Embedded/SofaWare commands Encrypted Protocol for Communication between Security Management Server and UTM-1 Edge devices
UDP 9282 ‘SWTP_SMS’ — VPN-1 embedded / SofaWare Management Server (SMS) Encrypted Protocol for Communication between Security Management Server and UTM-1 Edge devices
TCP 9283 not predefined SofaWare Management Server (SMS) Portal on Security Management Server / Domain Management Server
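A practical use of the table above is auditing what a Check Point host actually listens on. The following Python script is an added example, not Check Point code and not part of the original article: it embeds a hand-copied subset of the table (service name, and whether the row documents the port as loopback-only), parses ss -tulpn style output, and flags two things: documented loopback ports bound to a non-loopback address, and management-plane ports (an assumed set: SIC/ICA, CPMI, CPD, logging) bound to all interfaces. The sample ss output is constructed for the example; the MGMT_PLANE set and the Finding type are assumptions of the script, not names used by Check Point.

```python
"""Cross-check a Check Point host's listening sockets against the port table above.

Added example, not Check Point code. _ROWS is a hand-copied subset of the table on
this page; SAMPLE_SS is constructed `ss -tulpn` output, not a capture from a real host.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple


@dataclass(frozen=True)
class CpService:
    proto: str           # "tcp" or "udp"
    port: int
    name: str            # predefined service name from the table, or "not predefined"
    loopback_only: bool  # the table documents this row as a loopback port


# Subset of the table above (ports and service names copied from the page).
_ROWS = [
    ("tcp", 256, "FW1", False),
    ("tcp", 257, "FW1_log", False),
    ("tcp", 8989, "not predefined", True),
    ("tcp", 18184, "FW1_lea", False),
    ("tcp", 18190, "CPMI", False),
    ("tcp", 18191, "CPD", False),
    ("tcp", 18192, "CPD_amon", False),
    ("tcp", 18202, "CP_rtm", True),
    ("tcp", 18209, "not predefined", False),
    ("tcp", 18210, "FW1_ica_pull", False),
    ("tcp", 18211, "FW1_ica_push", False),
    ("tcp", 18241, "E2ECP", True),
    ("tcp", 18264, "FW1_ica_services", False),
    ("tcp", 60706, "not predefined", True),
    ("udp", 500, "IKE", False),
    ("udp", 4500, "IKE_NAT_TRAVERSAL", False),
    ("udp", 8116, "not predefined (CCP)", False),
]
CP_SERVICES = {(p, n): CpService(p, n, name, lb) for p, n, name, lb in _ROWS}

# Assumption for this audit: control-plane ports (SIC/ICA, CPMI, CPD, logging) that
# only management hosts should reach. Adjust to the deployment's topology.
MGMT_PLANE = {256, 257, 18184, 18190, 18191, 18192, 18209, 18210, 18211, 18264}

WILDCARD = {"0.0.0.0", "*", "[::]"}
LOOPBACK = {"127.0.0.1", "[::1]"}

# Matches `ss -tulpn` rows: Netid State Recv-Q Send-Q Local:Port Peer:Port Process
_SS_ROW = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s")


@dataclass(frozen=True)
class Finding:
    port: int
    service: str
    bound_to: str
    reason: str


def parse_ss(output: str) -> Iterator[Tuple[str, str, int]]:
    """Yield (proto, local_address, port) for each socket row; the header is skipped."""
    for line in output.splitlines():
        m = _SS_ROW.match(line.strip())
        if m:
            yield m.group(1), m.group(2), int(m.group(3))


def identify(proto: str, port: int) -> Optional[str]:
    """Return the Check Point service name for (proto, port), or None if not in the table."""
    svc = CP_SERVICES.get((proto, port))
    return svc.name if svc else None


def audit(ss_output: str) -> List[Finding]:
    """Flag loopback-documented ports exposed on other addresses, and management-plane
    ports bound to all interfaces. The second class is a cross-check, not a verdict:
    on a gateway these daemons normally bind to all interfaces, and it is the rulebase
    and implied rules that restrict who may reach them."""
    findings: List[Finding] = []
    for proto, addr, port in parse_ss(ss_output):
        svc = CP_SERVICES.get((proto, port))
        if svc is None:
            continue  # not a Check Point port from the table; out of scope here
        if svc.loopback_only and addr not in LOOPBACK:
            findings.append(Finding(port, svc.name, addr,
                            "documented loopback port is bound to a non-loopback address"))
        elif port in MGMT_PLANE and addr in WILDCARD:
            findings.append(Finding(port, svc.name, addr,
                            "management-plane port reachable on all interfaces; verify the "
                            "rulebase / implied rules limit it to management hosts"))
    return findings


# Constructed sample, in the layout of `ss -tulpn` (process names are illustrative).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=900,fd=3))
tcp   LISTEN 0      128    0.0.0.0:18190       0.0.0.0:*         users:(("fwm",pid=1201,fd=12))
tcp   LISTEN 0      128    127.0.0.1:18202     0.0.0.0:*         users:(("rtmd",pid=1310,fd=7))
tcp   LISTEN 0      128    0.0.0.0:60706       0.0.0.0:*         users:(("cpwmd",pid=1402,fd=5))
tcp   LISTEN 0      128    [::]:18264          [::]:*            users:(("cpca",pid=1220,fd=9))
udp   UNCONN 0      0      0.0.0.0:500         0.0.0.0:*         users:(("vpnd",pid=1500,fd=4))
udp   UNCONN 0      0      0.0.0.0:8116        0.0.0.0:*         users:(("fwk",pid=1600,fd=8))
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_SS):
        print(f"{f.port:>6} {f.service:<18} {f.bound_to:<10} {f.reason}")
```

On the constructed sample the script reports three rows: CPMI (18190) and FW1_ica_services (18264) as management-plane ports bound to all interfaces, and the SecurePlatform web back-end (60706) as a documented loopback port exposed on 0.0.0.0; the loopback-only CP_rtm (18202) bound to 127.0.0.1, IKE and CCP pass. Feed it real output with audit(subprocess.check_output(["ss", "-tulpn"], text=True)) on the host, and extend _ROWS with the rows of the table that matter for your deployment.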