Сетевые порты, используемые
в Check Point

Протокол;Номер порта;Имя сервиса и комментарий;Назначение

TCP;258;‘FW1_mgmt’ — Check Point Security Management (Version 4.x);Communication between SmartConsole applications and Security Management Server (by FWM daemon) TCP;8989;not predefined;Loopback port (used by CPD process). Used only on Provider-1 Customer Management Add-on (CMA) / Domain Management Server for Session Authentication — CAPS Messaging (MSG_DEFAULT_PORT) TCP;18184;‘FW1_lea’ — Check Point OPSEC Log Export API;Exporting FireWall logs by OPSEC products from Security Management Server (by FWD daemon) TCP;18185;‘FW1_omi’ — Check Point OPSEC Objects Management Interface;Protocol used by applications having access to the ruleset saved on Security Management Server TCP;18186;‘FW1_omi-sic’ — Check Point OPSEC Objects Management Interface with Secure Internal Communication (SIC);Secure Internal Communication (SIC) between OPSEC certified products and Security Gateway TCP; 18187;‘FW1_ela’ — Check Point OPSEC Event Logging API;Sending FireWall logs by OPSEC products to Security Management Server (to FWD daemon) TCP;18190;‘CPMI’ — Check Point Management Interface; Used by the FireWall Management process (FWM) to listen for Management Clients attempting to connect to the management module: Protocol used for Communication between the SmartConsole and the Security Management Server & Protocol for connections from Multi-Domain GUI to MDS and CMA / Domain TCP;18202;‘CP_rtm’ — Check Point Real Time Monitoring;Loopback port (used by RTM process). SmartView Monitor TCP;18209;not predefined;SIC communication (status, issue, revoke) between the Security Management Server (the Internal Certificate Authority (ICA)) and objects managed by this Security Management Sever (Security Gateways, OPSEC applications, etc.) (by FWM daemon) TCP;18210;‘FW1_ica_pull’ — Check Point Internal CA Pull Certificate Service;Pulling certificates by Security Gateway from Security Management Sever (ICA_PULL, FWCA_PULL_PORT) (by CPCA daemon) TCP;18211;‘FW1_ica_push’ — Check Point Internal CA Push Certificate Service ;Pushing certificates from the Internal Certificate Authority (ICA) on Security Management Sever (by CPD daemon) to Security Gateway TCP;18221;‘CP_redundant’ — Check Point Redundant Management Protocol;Synchronization between Primary and Secondary Security Management Severs / Customer Management Add-ons (CMAs) / Domain Management Servers (by FWM daemon) TCP;18241;‘E2ECP’ — Check Point End to End Control Protocol;Loopback port (used by RTM process). Checking SLA’s defined in Virtual Links by SmartView Monitor TCP;18265;‘FW1_ica_mgmt_tools’ — Check Point Internal CA Management Tools;Managing the ICA and central administration of Internal Certificate Authority (ICA) on the Security Management Server & Needs to be started separately with the Security Management Server andcpca_client

Протокол;Номер порта;Имя сервиса и комментарий;Назначение

TCP;256;‘FW1’ — Check Point Security Gateway Service;Communication between SmartConsole applications and Security Management Server (by FWM daemon) TCP;257;‘FW1_log’ — Check Point Security Gateway Logs;Loopback port (used by CPD process). Used only on Provider-1 Customer Management Add-on (CMA) / Domain Management Server for Session Authentication — CAPS Messaging (MSG_DEFAULT_PORT) TCP;259;‘FW1_clntauth_telnet’ — Check Point Security Gateway Client Authentication (Telnet);Exporting FireWall logs by OPSEC products from Security Management Server (by FWD daemon) UDP;260;‘FW1_snmp’ — Check Point Security Gateway SNMP Agent;Protocol used by applications having access to the ruleset saved on Security Management Server TCP;261;‘FW1_snauth’ — Check Point Security Gateway Session Authentication;Secure Internal Communication (SIC) between OPSEC certified products and Security Gateway TCP;262;not predefined;Sending FireWall logs by OPSEC products to Security Management Server (to FWD daemon) "TCP;900;‘FW1_clntauth_http’ — Check Point Security Gateway Client Authentication (HTTP);Used by the FireWall Management process (FWM) to listen for Management Clients attempting to connect to the management module:Protocol used for Communication between the SmartConsole and the Security Management Server Protocol for connections from Multi-Domain GUI to MDS and CMA / Domain" TCP;4532;not predefined;Loopback port (used by RTM process). SmartView Monitor UDP;5004;‘MetaIP-UAT’ — Check Point Meta IP UAM Client-Server Communication;SIC communication (status, issue, revoke) between the Security Management Server (the Internal Certificate Authority (ICA)) and objects managed by this Security Management Sever (Security Gateways, OPSEC applications, etc.) (by FWM daemon) TCP;18183;‘FW1_sam’ — Check Point OPSEC Suspicious Activity Monitor API;Pulling certificates by Security Gateway from Security Management Sever (ICA_PULL, FWCA_PULL_PORT) (by CPCA daemon) UDP;18212;‘FW1_load_agent’ — Check Point ConnectControl Load Agent;Pushing certificates from the Internal Certificate Authority (ICA) on Security Management Sever (by CPD daemon) to Security Gateway TCP;18190;‘FW1_netso’ — Check Point User Authority simple protocol;Synchronization between Primary and Secondary Security Management Severs / Customer Management Add-ons (CMAs) / Domain Management Servers (by FWM daemon) TCP;19191;‘FW1_uaa’ — Check Point OPSEC User Authority API;Loopback port (used by RTM process). Checking SLA’s defined in Virtual Links by SmartView Monitor UDP;19194 & 19195;‘CP_SecureAgent-udp’ — SecureAgent Authentication service;Managing the ICA and central administration of Internal Certificate Authority (ICA) on the Security Management Server Needs to be started separately with the Security Management Server andcpca_client

Протокол;Номер порта;Имя сервиса и комментарий;Назначение

TCP;1129;not predefined;Synchronization between members of a Gaia Cloning Group TCP;2024;not predefined;Used internally on 61000/41000 Data Center Security Appliances for copying of SSM firmware file to SSM TCP;4434;not predefined;Gaia Portal / SecurePlatform WebUI on Check Point Appliances UDP;18191;‘CPD’ — Check Point Daemon (CPD);Installing of rulebase from Security Management Server / Customer Management Add-on (CMA) / Domain Management Server to Security Gateway | Fetching rulebase by Security Gateway (during start) from Security Management Server / Customer Management Add-on (CMA) / Domain Management Server | Certificate revocationa TCP;18192;‘CPD_amon’ — Check Point Internal Application Monitoring;Getting System Status from Check Point products (Security Gateway / Security Management Server / etc.) (by CPD daemon) TCP;18193;‘FW1_amon’ — Check Point OPSEC Application Monitoring;Getting System Status from OPSEC products (by CPD daemon) TCP;18208;‘FW1_CPRID’ — Check Point Remote Installation Protocol;Remote Installation of packages from Security Management Server / Customer Management Add-on (CMA) / Domain Management Server to Security Gateway (SmartUpdate) (by CPRID daemon) TCP;18262;‘CP_Exnet_PK’ — Check Point Extranet public key resolution;Exchange of public keys when configuring Extranet (not supported since NG AI R55) UDP;18263;‘CP_Exnet_resolve’ — Check Point Extranet remote objects resolution;Importing exported objects from partner in Extranet (not supported since NG AI R55) TCP;18264;‘FW1_ica_services’ — Check Point Internal CA Fetch CRL and User Registration Services;Protocol for Certificate Revocation Lists and registering users when using the Policy Server (needed when, e.g., Security Gateway is starting). Refer to sk35292 UDP;18300;‘UserCheck’ — Check Point Daemon Protocol;Policy-driven user interaction for Application Control, URL Filtering, DLP (by USRCHKD daemon) TCP;20000;not predefined;Used internally on 61000/41000 Data Center Security Appliances on the SSM during the firmware upgrade TCP;20000;not predefined;Used internally on 61000/41000 Data Center Security Appliances on the SSM during the firmware upgrade TCP;60706;not predefined;Loopback port (used by CPWMD process). The back-end for web user interface on SecurePlatform OS (Check Point Web Management) UDP;60709;not predefined;Loopback port (used by CPWMD process). The back-end for web user interface on SecurePlatform OS (Check Point Web Management)

Протокол;Номер порта;Имя сервиса и комментарий;Назначение

UDP;259;‘RDP’ — Check Point Security Gateway FWZ Key Negotiations.Note: Proprietary Check Point «Reliable Data Protocol» (does not comply with RDP as specified in RFC 908/RFC 1151);FWZ VPN (supported up to NG FP1 version only). SecuRemote/SecureClient checks the availability of the Security Gateway/Desktop Policy Server. When more than one IP address is available on a Security Gateway for VPN, RDP probing method is used to determine which VPN link will be used between Check Point VPN Gateways (by VPND daemon) TCP;264;‘FW1_topo’ — Check Point Security Gateway SecuRemote Topology Requests;Topology Download from Security Gateway (by FWD daemon) to SecuRemote (build 4100 and higher) and SecureClient TCP;265;‘FW1_key’ — Check Point Security Gateway Public Key Transfer Protocol;Exchanging CA-keys and DH-keys between management servers (SKIP, FWZ(4.x)) (by FWD daemon). Public Key download from Security Gateway (by FWD daemon) to SecuRemote/SecureClient TCP;444;‘CP_SSL_Network_Extender’ — SSL Network Extender port;SSL Network Extender (SNX). Remote Access Client configuration. Visitor Mode. (by VPND daemon) UDP;500;‘IKE’ — IPSEC Internet Key Exchange Protocol (formerly ISAKMP/Oakley);IKE negotiation over UDP (by VPND daemon) TCP;500;‘IKE_tcp’ — IPSEC Internet Key Exchange Protocol over TCP;IKE negotiation over TCP (by VPND daemon) UDP;2746;‘VPN1_IPSEC_encapsulation’ — Check Point Security Gateway SecuRemote IPSEC Encapsulation Protocol;UDP encapsulation UDP;4500;‘IKE_NAT_TRAVERSAL’ — NAT Traversal (NAT-T) Protocol;NAT Traversal adds a UDP header, which encapsulates the IPSec ESP header (by VPND daemon) TCP;18207;‘FW1_pslogon’ — Check Point Policy Server Logon protocol;NAT Traversal adds a UDP header, which encapsulates the IPSec ESP header (by VPND daemon) TCP;18231;‘FW1_pslogon_NG’ — Check Point NG Policy Server Logon protocol;Installing of Desktop Security policy from the Policy Server (DTPSD daemon) to SecureClient TCP;18232;‘FW1_sds_logon’ — Check Point SecuRemote Distribution Server Protocol;Software distribution of Check Point components UDP;18233;‘FW1_scv_keep_alive’ — Check Point SecureClient Verification Keepalive Protocol;Secure Configuration Verification on SecureClient UDP;18234;‘tunnel_test’ — Check Point tunnel testing application;Testing ICA through VPN by SecuRemote/SecureClient TCP;65524;‘FW1_sds_logon_NG’ — SecuRemote Distribution Server Protocol (VC and higher);Software distribution of Check Point components in NG versions Internet Protocol 17;—;‘tunnel_test_mapped’ — Tunnel testing for a module performing the tunnel test;VPN tunnel testing for a module performing the tunnel test Internet Protocol 50;—;‘ESP’ — IPSEC Encapsulating Security Payload Protocol;Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. In IPsec it provides origin authenticity, integrity and confidentiality protection of packets Internet Protocol 94;—;FW1_Encapsulation — Check Point Security Gateway SecuRemote FWZ Encapsulation Protocol;Encryption scheme for SecuRemote

Протокол;Номер порта;Имя сервиса и комментарий;Назначение

UDP;259;‘RDP’ — Check Point Security Gateway FWZ Key Negotiations.Note: Proprietary Check Point «Reliable Data Protocol» (does not comply with RDP as specified in RFC 908/RFC 1151);FWZ VPN (supported up to NG FP1 version only). SecuRemote/SecureClient checks the availability of the Security Gateway/Desktop Policy Server. When more than one IP address is available on a Security Gateway for VPN, RDP probing method is used to determine which VPN link will be used between Check Point VPN Gateways (by VPND daemon) TCP;264;‘FW1_topo’ — Check Point Security Gateway SecuRemote Topology Requests;Topology Download from Security Gateway (by FWD daemon) to SecuRemote (build 4100 and higher) and SecureClient TCP;265;‘FW1_key’ — Check Point Security Gateway Public Key Transfer Protocol;Exchanging CA-keys and DH-keys between management servers (SKIP, FWZ(4.x)) (by FWD daemon). Public Key download from Security Gateway (by FWD daemon) to SecuRemote/SecureClient TCP;444;‘CP_SSL_Network_Extender’ — SSL Network Extender port;SSL Network Extender (SNX). Remote Access Client configuration. Visitor Mode. (by VPND daemon) UDP;500;‘IKE’ — IPSEC Internet Key Exchange Protocol (formerly ISAKMP/Oakley);IKE negotiation over UDP (by VPND daemon) TCP;500;‘IKE_tcp’ — IPSEC Internet Key Exchange Protocol over TCP;IKE negotiation over TCP (by VPND daemon) UDP;2746;‘VPN1_IPSEC_encapsulation’ — Check Point Security Gateway SecuRemote IPSEC Encapsulation Protocol;UDP encapsulation UDP;4500;‘IKE_NAT_TRAVERSAL’ — NAT Traversal (NAT-T) Protocol;NAT Traversal adds a UDP header, which encapsulates the IPSec ESP header (by VPND daemon) TCP;18207;‘FW1_pslogon’ — Check Point Policy Server Logon protocol;NAT Traversal adds a UDP header, which encapsulates the IPSec ESP header (by VPND daemon) TCP;18231;‘FW1_pslogon_NG’ — Check Point NG Policy Server Logon protocol;Installing of Desktop Security policy from the Policy Server (DTPSD daemon) to SecureClient TCP;18232;‘FW1_sds_logon’ — Check Point SecuRemote Distribution Server Protocol;Software distribution of Check Point components UDP;18233;‘FW1_scv_keep_alive’ — Check Point SecureClient Verification Keepalive Protocol;Secure Configuration Verification on SecureClient UDP;18234;‘tunnel_test’ — Check Point tunnel testing application;Testing ICA through VPN by SecuRemote/SecureClient TCP;65524;‘FW1_sds_logon_NG’ — SecuRemote Distribution Server Protocol (VC and higher);Software distribution of Check Point components in NG versions Internet Protocol 17;—;‘tunnel_test_mapped’ — Tunnel testing for a module performing the tunnel test;VPN tunnel testing for a module performing the tunnel test Internet Protocol 50;—;‘ESP’ — IPSEC Encapsulating Security Payload Protocol;Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. In IPsec it provides origin authenticity, integrity and confidentiality protection of packets Internet Protocol 94;—;FW1_Encapsulation — Check Point Security Gateway SecuRemote FWZ Encapsulation Protocol;Encryption scheme for SecuRemote