FireWall-1 FAQ: Ports used by FireWall-1 4.1 and earlier
Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.
I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.
If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)
FireWall-1 uses many ports for communication. The following list explains the ports that FireWall-1 uses.
- TCP Port 256 is used for three important things:
  - Exchange of CA and DH keys in FWZ and SKIP encryption between two FireWall-1 Management Consoles
  - SecuRemote build 4005 and earlier uses this port to fetch the network topology and encryption keys from a FireWall-1 Management Console
  - When installing a policy, the management console uses this port to push the policy to the remote firewall.
- TCP Port 257 is used by a remote firewall module to send logs to a management console.
- TCP Port 258 is used by the fwpolicy remote GUI.
- TCP Port 259 is used for Client Authentication.
- UDP Port 259 is used in FWZ encryption to manage the encrypted session (SecuRemote and FireWall-1 to FireWall-1 VPNs).
- UDP Port 260 and UDP Port 161 are used for the SNMP daemon that Check Point FireWall-1 provides.
- TCP Port 264 is used for Secure Client (SecuRemote) build 4100 and later to fetch network topology and encryption keys from a FireWall-1 Management Console
- TCP port 265, according to my 4.1SP1 objects.C, is labeled "Check Point VPN-1 Public Key Transfer Protocol." I'm guessing this is used by FireWall-1 to exchange public keys with other hosts.
- UDP Port 500 is used for ISAKMP key exchange between firewalls or between a firewall and a host running Secure Client.
- TCP Port 900 is used by FireWall-1's HTTP Client Authentication mechanism.
- TCP ports above 1024 are generally used by whichever Security Servers are active. The actual ports used by these servers will vary.
- UDP Port 2746 is used for UDP Encapsulation Mode.
- TCP Port 18181 is used for CVP (Content Vectoring Protocol, for anti-virus scanning).
- TCP Port 18182 is used for UFP (URL Filtering Protocol, for WebSense and the like).
- TCP Port 18183 is used for SAM (Suspicious Activity Monitoring, for intrusion detection).
- TCP Port 18184 is used for the Log Export API (LEA).
- TCP Port 18207 is used to log onto the Policy Server for Secure Client.
- TCP Port 18208 is used for Check Point's Remote Installation Daemon.
- TCP Port 19090 is used for the User Authority simple protocol.
- TCP Port 19191 is used for User Authentication API.
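As an added example (not part of the original FAQ), the table above can be turned into a small triage script that classifies firewall connection records and flags management-plane ports (policy push, log transfer, GUI, SNMP, remote install) reached from hosts other than the management console. The "plane" grouping, the key=value log format and the sample addresses are assumptions made for this example.

```python
import ipaddress
import re

# Port table transcribed from the FAQ above, keyed by (protocol, port).
# The "plane" tag is an assumed grouping used only for triage here.
FW1_PORTS = {
    ("tcp", 256): ("key exchange / topology / policy push", "management"),
    ("tcp", 257): ("log transfer to management", "management"),
    ("tcp", 258): ("fwpolicy remote GUI", "management"),
    ("tcp", 259): ("Client Authentication", "user"),
    ("udp", 259): ("FWZ session management", "vpn"),
    ("udp", 260): ("FW-1 SNMP daemon", "management"),
    ("udp", 161): ("FW-1 SNMP daemon", "management"),
    ("tcp", 264): ("SecureClient topology/key fetch", "vpn"),
    ("tcp", 265): ("VPN-1 Public Key Transfer", "vpn"),
    ("udp", 500): ("ISAKMP", "vpn"),
    ("tcp", 900): ("HTTP Client Authentication", "user"),
    ("udp", 2746): ("UDP Encapsulation Mode", "vpn"),
    ("tcp", 18181): ("CVP", "opsec"),
    ("tcp", 18182): ("UFP", "opsec"),
    ("tcp", 18183): ("SAM", "opsec"),
    ("tcp", 18184): ("LEA", "opsec"),
    ("tcp", 18207): ("Policy Server logon", "vpn"),
    ("tcp", 18208): ("Remote Installation Daemon", "management"),
    ("tcp", 19090): ("User Authority simple protocol", "opsec"),
    ("tcp", 19191): ("User Authentication API", "opsec"),
}
# Hypothetical key=value record format, constructed for this example.
LINE_RE = re.compile(r"proto=(\w+)\s+src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")

def triage(lines, mgmt_hosts):
    """Classify each record; flag management-plane ports hit from non-console hosts."""
    allowed = {ipaddress.ip_address(h) for h in mgmt_hosts}
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore records that do not match the expected format
        proto, src, dport = m.group(1).lower(), m.group(2), int(m.group(4))
        service, plane = FW1_PORTS.get((proto, dport), ("not a FW-1 service port", "other"))
        flagged = plane == "management" and ipaddress.ip_address(src) not in allowed
        findings.append({"src": src, "port": f"{proto}/{dport}", "service": service,
                         "plane": plane, "flag": flagged})
    return findings

# Constructed sample records; 10.0.0.10 plays the management console.
SAMPLE = [
    "proto=tcp src=10.0.0.10 dst=192.0.2.1 dport=256",    # policy push from console
    "proto=tcp src=198.51.100.7 dst=192.0.2.1 dport=258",  # GUI port from elsewhere
    "proto=udp src=203.0.113.9 dst=192.0.2.1 dport=500",   # ISAKMP from a VPN peer
    "proto=tcp src=203.0.113.9 dst=192.0.2.1 dport=443",   # not a FW-1 service port
]
```

Running `triage(SAMPLE, ["10.0.0.10"])` flags only the second record, the GUI port reached from a non-console address.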