PIX with Check point VPN client

tyagivijay
Level 1

Hello,

We are using the Check Point VPN client in our LAN. Previously everything was working fine, but now that we have implemented a PIX firewall in our LAN we are unable to connect to the Check Point Policy Server.

If anyone has faced a similar problem, please suggest the solution.

Thanks in advance

Vijay

1 Reply

Patrick Iseli
Level 7

Have you tried to enable IPsec globally on the PIX?

sysopt connection permit-ipsec

Check Point's FW-1 Service Ports

-------------------------------

256/TCP PUTKEY is used for three important things:

* Exchange of CA and DH keys in FWZ and SKIP encryption between two FireWall-1 Management Consoles

* SecuRemote build 4005 and earlier uses this port to fetch the network topology and encryption keys from a FireWall-1 Management Console

* When installing a policy, the management console uses this port to push the policy to the remote firewall.

257/TCP FW1_LOG is used by a remote firewall module to send logs to a management console.

258/TCP FW1_MGMT (fetch policy) is used by the fwpolicy remote GUI.

259/TCP is used for Client Authentication.

259/UDP RDP (Encryption) is used in FWZ encryption to manage the encrypted session (SecuRemote and FireWall-1 to FireWall-1 VPNs).

261/TCP SESSION AGENT

260/UDP & 161/UDP are used for the SNMP daemon that Check Point FireWall-1 Provides.

264/TCP FW_TOPO is used for Secure Client (SecuRemote) build 4100 and later to fetch network topology and encryption keys from a FireWall-1 Management Console

265/TCP according to my 4.1SP1 objects.C, is labeled "Check Point VPN-1 Public Key Transfer Protocol." I'm guessing this is used by FireWall-1 to exchange public keys with other hosts.

500/UDP is used for ISAKMP key exchange between firewalls or between a firewall and a host running Secure Client.

900/TCP is used by FireWall-1's HTTP Client Authentication mechanism.

2746/UDP is used for UDP Encapsulation Mode.

18181/TCP CVP is used for CVP (Content Vectoring Protocol, for anti-virus scanning).

18182/TCP UFP is used for UFP (URL Filtering Protocol, for WebSense and the like).

18183/TCP is used for SAM (Suspicious Activity Monitoring, for intrusion detection). TCP is used for Log Export API (lea).

18184/CPMAD is used to detect 10 IDS signatures such as port scans and the LAND attack.

18186/TCP FW1_omi-sic SIC

18190/TCP CPMI FireWall-1 Management Client connects to Management Server

18191/TCP CPD Policy installation, Certificate revocation, status query

18192/TCP CPD_amon FW1 Application Monitoring

18207/TCP Policy Server Logon is used to log onto the Policy Server for Secure Client.

18208/TCP is used for Check Point's Remote Installation Daemon.

18210/TCP FW1_ica_pull CPD Certificate Creation

18211/TCP FW1_ica_push CPD Certificate Creation

18212/TCP Load Agent is used for the Load Balancing Load Agent communication

18231/TCP Policy Server communication to Management Server

18233/UDP State Keep Alive Policy Server

19090/TCP User Authority simple protocol

19191/TCP is used for User Authentication API.

As you can see, Check Point uses a lot of ports.

Sincerely,

Patrick
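Added example (not from either poster): a PIX 6.x access list that lets a SecureClient on the inside LAN reach a Check Point gateway and Policy Server, using only the client-side ports from the list above; the interface name, the 192.168.1.0/24 LAN, the gateway 203.0.113.5 and the policy server 203.0.113.6 are constructed placeholders. Note that `sysopt connection permit-ipsec` only bypasses the interface ACLs for tunnels the PIX itself terminates, so a tunnel that merely passes through the PIX to a Check Point gateway still needs explicit permits like these.

```text
! Added example, constructed addresses: PIX 6.x outbound rules for SecureClient.
! 18231/TCP is Policy Server to Management traffic and is not needed from the client.
! Build 4005 and earlier would use 256/TCP instead of 264/TCP for topology download.
access-list inside_out permit udp 192.168.1.0 255.255.255.0 host 203.0.113.5 eq 500
access-list inside_out permit esp 192.168.1.0 255.255.255.0 host 203.0.113.5
access-list inside_out permit udp 192.168.1.0 255.255.255.0 host 203.0.113.5 eq 2746
access-list inside_out permit tcp 192.168.1.0 255.255.255.0 host 203.0.113.5 eq 264
access-list inside_out permit udp 192.168.1.0 255.255.255.0 host 203.0.113.5 eq 259
access-list inside_out permit tcp 192.168.1.0 255.255.255.0 host 203.0.113.6 eq 18207
access-list inside_out permit udp 192.168.1.0 255.255.255.0 host 203.0.113.6 eq 18233
access-list inside_out deny ip any any
access-group inside_out in interface inside
!
! Check hit counters while a client connects to see which entries are actually used:
show access-list inside_out
```

Entries with zero hits after a connection attempt can be removed, which keeps the permitted set to what the client really needs.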