Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

Check Point Ports

General Ports

PORT	TYPE	SERVICE DESCRIPTION
21	TCP	ftp File Transfer Protocol (control)
21	UDP	ftp File Transfer Protocol (control)
22	Both	ssh SSH remote login
25	Both	SMTP Simple Mail Transfer Protocol
50		Encryption IP protocols esp – IPSEC Encapsulation Security Payload
51		Encryption IP protocols ah – IPSEC Authentication Header Protocol
53	Both	Domain Name Server
69	Both	TFTP Trivial File Transfer Protocol
94	TCP	Encryption IP protocols fwz_encapsulation (FW1_Encapsulation)
137	Both	Netbios-ns NETBIOS Name Service
138	Both	netbios-dgm NETBIOS Datagram
139	Both	netbios-ssn NETBIOS Session
256	TCP	FW1 (fwd) policy install port FWD_SVC_PORT
257	TCP	FW1_log FW1_log FWD_LOG_PORT
258	TCP	FW1_mgmt FWM_SVC_PORT
259	TCP	FW1_clientauth_telnet
259	UDP	RDP Reliable Datagram Protocol
260	TCP	sync
260	UDP	FW1_snmp FWD_SNMP_PORT
261	TCP	FW1_snauth Session Authentication Daemon
262	TCP	MDQ – mail dequeuer
263	TCP	dbs
264	TCP	FW1_topo Check Point SecureClient Topology Requests
265	TCP	FW1_key Check Point VPN-1 Public key transfer protocol
389	Both	LDAP Secure Client connecting to LDAP without SSL
443		SNX VPN can use 443 too
444	TCP	SNX VPN SNX VPN tunnel in Connectra only
500	UDP	IPSEC IKE Protocol (formerly ISAKMP/Oakley)
500	TCP	IKE over TCP
500	UDP	ISAKMPD_SPORT & ISAKMPD_DPORT
514	UDP	Syslog Syslog
636		LDAP Secure Client connecting to LDAP with SSL
900	TCP	FW1_clntauth_http Client Authentication Daemon
981		Management https on the edge
1247		
1494	TCP	Winframe Citrix
1645	TCP	Radius
1719	UDP	VOIP
1720	TCP	VOIP
2040	TCP	MIP Meta IP admin server
2746	UDP	UDP encapsulation for SR VPN1_IPSEC_encapsulation VPN1_IPSEC encapsulation
2746	TCP	CPUDPENCap
4000		Policy Server Port (Redmond)
4433	TCP	Connectra Admin HTTPS Connectra admin port
4500	UDP	NAT-T NAT Traversal
4532	TCP	SNDAEMON_PORT sn_auth_trap: sn_auth daemon Sec.Serv comm,
5001	TCP	Meta IP Web Connection, MIP
5002	TCP	Meta IP DHCP Failover
5004	TCP	Meta IP UAM
5005	TCP	Meta IP SMC
6969	UDP	KP_PORT KeyProt
8116	UDP	Check Point HA SyncMode= CPHAP (new sync mode)
8116	UDP	Connection table synchronization between firewalls
8989	TCP	CPIS Messaging MSG_DEFAULT_PORT
8998	TCP	MDS_SERVER_PORT
9000		Command Line Port for Secure Client
10001	TCP	Default CPRSM listener port for coms with RealSecure Console
18181	TCP	FW1_cvp Check Point OPSEC Content Vectoring Protocol
18182	TCP	FW1_ufp Check Point OPSEC URL Filtering Protocol
18183	TCP	FW1_sam Check Point OPSEC Suspicious Activity monitoring Proto (SAM API)
18184	TCP	FW1_lea Check Point OPSEC Log Export API
18185	TCP	FW1_omi Check Point OPSEC Objects Management Interface
18186	TCP	FW1_omi-sic Check Point OPSEC Objects management Interface with Secure Internal Communication
18187	TCP	FW1_ela Check Point OPSEC Event Logging API
18190	TCP	CPMI Check Point Management Interface
18191	TCP	CPD Check Point Daemon Proto NG
18192	TCP	CPD_amon Check Point Internal Application Monitoring NG
18193	TCP	FW1_amon Check Point OPSEC Application Monitoring NG
18201	TCP	FGD_SVC_PORT
18202	TCP	CP_rtm Check Point Real time Monitoring
18203	TCP	FGD_RTMP_PORT
18204	TCP	CE communication
18205	TCP	CP_reporting Check Point Reporting Client Protocol
18207	TCP	FW1_pslogon Check Point Policy Server logon Protocol
18208	TCP	FW1_CPRID (SmartUpdate) Check Point remote Installation Protocol
18209	TCP	FWM CA for establishing SIC communication
18210	TCP	FW1_ica_pull Check Point Internal CA Pull Certificate Service
18211	TCP	FW1_ica_pull Check Point Internal CA Push Certificate Service
18212	UDP	Connect Control – Load Agent port
18213	TCP	cpinp: inp (admin server)
18214	TCP	cpsmc: SMC
18214	UDP	cpsmc: SMC Connectionless
18221	TCP	CP_redundant Check Point Redundant Management Protocol NG
18231	TCP	FW1_pslogon_NG Check Point NG Policy Server Logon Protocol
18231	TCP	NG listens on this port by default dtps.exe
18232	TCP	FW1_sds_logon Check Point SecuRemote Distribution Server Protocol
18233	UDP	Check Point SecureClient Verification Keepalive Protocol FW1_scv_keep_alive
18241	UDP	e2ecp
18262	TCP	CP_Exnet_PK Check Point Public Key Resolution
18263	TCP	CP_Exnet_resolve Check Point Extranet remote objects resolution
18264	TCP	FW1_ica_services Check Point Internal CA Fetch CRL and User Registration Services
19190	TCP	FW1_netso Check Point OPSEC User Authority Simple Protocol
19191	TCP	FW1_uaa Check Point OPSEC User Authority API
65524		FW1_sds_logon_NG Secure Client Distribution Server Protocol (VC and Higher)

SIC

PORT	TYPE	SERVICE DESCRIPTION
18209	tcp	NGX Gateways <> ICAs (status, issue, or revoke).
18210	tcp	Pulls Certificates from an ICA.
18211	tcp	Used by the cpd daemon (on the gateway) to receive Certificates.

Check Point Authentication Ports

PORT	TYPE	SERVICE DESCRIPTION
259	tcp	Client Authentication (Telnet)
900	tcp	Client Authentication (HTTP)