TCP and UDP Ports used by Check Point FW-1

Port | Type | Name | Description |
---|---|---|---|
256 | tcp | FW1 | Check Point VPN-1 & FireWall-1 Service - Download of rulebase from MM to FWM (4.x) - Fetching rulebase from FWM to MM when starting (4.x) - Get topology information from MM or CMA to FWM (also for NG) - Full synchronisation for HA configuration (also for NG) |
257 | tcp | FW1_log | Check Point VPN-1 & FireWall-1 Logs - Protocol used for delivering logs from FWM to MM - Protocol used for delivering logs from FWM to CMA or CLM |
258 | tcp | FW1_mgmt | Check Point VPN-1 & FireWall-1 Management (Version 4.x, obsolete) - Protocol for communication between GUI and MM 4.x |
259 | tcp | FW1_clntauth, FW1_clntauth_telnet | Check Point VPN-1 & FireWall-1 Client Authentication (Telnet) - Protocol for performing Client-Authentication at FWM using telnet |
259 | udp | RDP | Check Point VPN-1 FWZ Key Negotiations - Reliable Datagram Protocol - Protocol used for FWZ VPN (supported up to NG FP1 only) - Protocol used by SR/SCl for checking the availability of the FWM/PS |
260 | udp | FW1_snmp | Check Point VPN-1 & FireWall-1 SNMP Agent - Check Point's SNMP, used additionally to 161/udp (snmp) |
261 | tcp | FW1_snauth | Check Point VPN-1 & FireWall-1 Session Authentication - Protocol for Session Authentication between FWM and SAA |
262 | tcp | - not predefined - | only internally used by Mail Dequeuer (process: mdq) |
264 | tcp | FW1_topo | Check Point VPN-1 SecuRemote Topology Requests - Topology Download for SR (build 4100 and higher) and SCl |
265 | tcp | FW1_key | Check Point VPN-1 Public Key Transfer Protocol - Protocol for exchanging CA- and DH-keys between MM's (SKIP, FWZ (4.x)) - Public Key download for SR/SCl |
900 | tcp | FW1_clntauth, FW1_clntauth_http | Check Point VPN-1 & FireWall-1 Client Authentication (HTTP) - Protocol for performing Client-Authentication at FWM using HTTP |
981 | tcp | - not predefined - | Check Point VPN-1 Edge remote administration from external using HTTPS |
2746 | udp | VPN1_IPSEC_encapsulation | Check Point VPN-1 SecuRemote IPSEC Transport Encapsulation Protocol - Default-Protocol used for UDP encapsulation |
4532 | tcp | - not predefined - | only internally used by Session Authentication (in.asessiond) |
5004 | udp | MetaIP-UAT | Check Point Meta IP UAM Client-Server Communication |
8116 | udp | - not predefined - | Check Point Cluster Control Protocol - Protocol for internal communication between High Availability Cluster Members. Used for e.g. report/query state, probing, load balancing |
8989 | tcp | - not predefined - | only internally used by CMA for Messaging (process: cpd) |
9281 | udp | SWTP_Gateway | VPN-1 Embedded SofaWare commands - Encrypted Protocol for communication between MM and Check Point Appliance (e.g. VPN-1 Edge) |
9282 | udp | SWTP_SMS | VPN-1 Embedded SofaWare Management Server (SMS) - Encrypted Protocol for communication between MM and Check Point Appliance (e.g. VPN-1 Edge) |
18181 | tcp | FW1_cvp | Check Point OPSEC Content Vectoring Protocol - Protocol used for communication between FWM and AntiVirus Server |
18182 | tcp | FW1_ufp | Check Point OPSEC URL Filtering Protocol - Protocol used for communication between FWM and Server for Content Control (e.g. Web Content) |
18183 | tcp | FW1_sam | Check Point OPSEC Suspicious Activity Monitor API - Protocol e.g. for Block Intruder between MM (or CMA) and FWM |
18184 | tcp | FW1_lea | Check Point OPSEC Log Export API - Protocol for exporting logs from MM |
18185 | tcp | FW1_omi | Check Point OPSEC Objects Management Interface - Protocol used by applications having access to the ruleset saved at MM |
18186 | tcp | FW1_omi-sic | Check Point OPSEC Objects Management Interface with SIC - Protocol used by applications having access to the ruleset saved at MM |
18187 | tcp | FW1_ela | Check Point OPSEC Event Logging API - Protocol for applications logging to the Firewall log at MM |
18190 | tcp | CPMI | Check Point Management Interface - Protocol for communication between GUI and MM - Protocol for connections from MDG to MDS and CMA |
18191 | tcp | CPD | Check Point Daemon Protocol - Download of rulebase from MM to FWM - Fetching rulebase, from FWM to MM when starting FWM - Download of rulebase from MDS/CMA to FWM - Fetching rulebase, from FWM to CMA when starting FWM |
18192 | tcp | CPD_amon | Check Point Internal Application Monitoring - Protocol for getting System Status, from MM or MDS/CMA to FWM |
18193 | tcp | FW1_amon | Check Point OPSEC Application Monitoring - Protocol for monitoring apps, e.g. from MM to CVP server |
18202 | tcp | CP_rtm | Check Point RTM Log - Protocol used by Real Time Monitor (SmartView Monitor) |
18205 | tcp | CP_reporting | Check Point Reporting client - Protocol used by Reporting client when connecting to Reporting Server (MM) |
18207 | tcp | FW1_pslogon | Check Point Policy Server Logon protocol - Protocol used for download of Desktop Security from PS to SCl (4.x) |
18208 | tcp | FW1_CPRID | Check Point Remote Installation Protocol - Protocol used from MM to FWM when installing Secure Updates. |
18209 | tcp | - not predefined - | Protocol used in SIC for communication between FWM and ICA (status, issue, revoke) |
18210 | tcp | FW1_ica_pull | Check Point Internal CA Pull Certificate Service - Protocol used by SIC for e.g. FWM pulling CA's from MM |
18211 | tcp | FW1_ica_push | Check Point Internal CA Push Certificate Service - Protocol used by SIC for pushing CA's from MM or CMA/MDS to FWM |
18212 | udp | FW1_load_agent | Check Point ConnectControl Load Agent - Default-Port for Load Agent running on load-balanced Servers (e.g. WWW, FTP) |
18221 | tcp | CP_redundant | Check Point Redundant Management Protocol - Protocol used for synchronizing primary and secondary MM - Protocol used for synchronizing CMA between primary and secondary MDS |
18231 | tcp | FW1_pslogon_NG | Check Point NG Policy Server Logon protocol (NG) - Protocol used for download of Desktop Security from PS to SCl |
18232 | tcp | FW1_sds_logon | Check Point SecuRemote Distribution Server Protocol - Protocol for software distribution of Check Point components |
18233 | udp | FW1_scv_keep_alive | Check Point SecureClient Verification KeepAlive Protocol - Protocol for Secure Configuration Verification on SecureClient |
18234 | udp | tunnel_test | Check Point tunnel testing application - Protocol for testing applications through a VPN, used by SR/SCl |
18241 | udp | E2ECP | Check Point End to End Control Protocol - Protocol to check SLA's defined in Virtual Links by SmartView Monitor |
18262 | tcp | CP_Exnet_PK | Check Point Extranet public key advertisement - Protocol for exchange of public keys when configuring Extranet - no longer supported since NG AI R55 |
18263 | tcp | CP_Exnet_resolve | Check Point Extranet remote objects resolution - Protocol for importing exported objects from partner in Extranet - no longer supported since NG AI R55 |
18264 | tcp | FW1_ica_services | Check Point Internal CA Fetch CRL and User Registration Services - Protocol for Certificate Revocation Lists and registering users when using the Policy Server - needed when e.g. FWM is starting |
18265 | tcp | FW1_ica_mgmt_tools | Check Point Internal CA Management Tools - Protocol for managing the ICA, established with NG AI, also used for central administration of certificates on MM. - needs to be started separately with the command cpca_client |
19190 | tcp | FW1_netso | Check Point User Authority simple protocol - Protocol used in UA for connecting from UA Server to Web Plugin when authenticating users here |
19191 | tcp | FW1_uaa | Check Point OPSEC User Authority API - Protocol for connections to the UA Server |
19194 | udp | CP_SecureAgent-udp | SecureAgent Authentication service |
19195 | udp | CP_SecureAgent-udp | SecureAgent Authentication service |
60709 | tcp | - not predefined - | Internally used by SecurePlatform for web based system administration (process: cpwmd). It's bound to localhost, so no remote connect is possible. |
65524 | tcp | FW1_sds_logon_NG | Check Point SecuRemote Distribution Server Protocol - Protocol for software distribution of Check Point components in Next Generation |
17 | ip | tunnel_test_mapped | tunnel testing for a module performing the tunnel test |
94 | ip | FW1_Encapsulation | Check Point VPN-1 SecuRemote FWZ Encapsulation Protocol |
117 | ip | Virtual Router Redundancy Protocol | HA for Nokia's IPSO - since NG AI |

Port | Type | Name | Description |
---|---|---|---|
256 | tcp | FW1 | Check Point VPN-1 & FireWall-1 Service - Get topology information from SCt or CMA to FWM - Full synchronisation for HA configuration |
257 | tcp | FW1_log | Check Point VPN-1 & FireWall-1 Logs - Protocol used for delivering logs from FWM to SCt - Protocol used for delivering logs from FWM to CMA or CLM |
259 | tcp | FW1_clntauth_telnet | Check Point VPN-1 & FireWall-1 Client Authentication (Telnet) - Protocol for performing Client-Authentication at FWM using telnet |
259 | udp | RDP | Check Point Reliable Datagram Protocol - Protocol used by SR/SCl for checking the availability of the FWM/PS |
260 | udp | FW1_snmp | Check Point VPN-1 & FireWall-1 SNMP Agent - Check Point's SNMP, used additionally to 161/udp (snmp) |
261 | tcp | FW1_snauth | Check Point VPN-1 & FireWall-1 Session Authentication - Protocol for Session Authentication between FWM and SAA |
262 | tcp | - not predefined - | only internally used by Mail Dequeuer (process: mdq) |
264 | tcp | FW1_topo | Check Point VPN-1 SecuRemote Topology Requests - Topology Download for SR (build 4100 and higher) and SCl |
265 | tcp | FW1_key | Check Point VPN-1 Public Key Transfer Protocol - Public Key download for SR/SCl |
900 | tcp | FW1_clntauth_http | Check Point VPN-1 & FireWall-1 Client Authentication (HTTP) - Protocol for performing Client-Authentication at FWM using HTTP |
981 | tcp | - not predefined - | Check Point VPN-1 Edge remote administration from external IPs using HTTPS |
2746 | udp | VPN1_IPSEC_encapsulation | Check Point VPN-1 SecuRemote IPSEC Transport Encapsulation Protocol - Default-Protocol used for UDP encapsulation, Check Point proprietary |
4433 | tcp | - not predefined - | Default Port used for SmartPortal to have read-access to rulebase, objects, users, etc. Access with HTTPS using a Web Browser |
4532 | tcp | - not predefined - | only internally used by Session Authentication (in.asessiond) |
5004 | udp | MetaIP-UAT | Check Point Meta IP UAM Client-Server Communication |
8116 | udp | - not predefined - | Check Point Cluster Control Protocol - Protocol for internal communication between High Availability Cluster Members. Used for e.g. report/query state, probing, load balancing |
8989 | tcp | - not predefined - | only internally used by CMA for Messaging (process: cpd) |
9281 | udp | SWTP_Gateway | VPN-1 Embedded / SofaWare commands - Encrypted Protocol for communication between MM and Check Point Appliance (e.g. VPN-1 Edge) |
9282 | udp | SWTP_SMS | VPN-1 Embedded / SofaWare Management Server (SMS) - Encrypted Protocol for communication between MM and Check Point Appliance (e.g. VPN-1 Edge) |
9283 | tcp | SMS | VPN-1 Embedded / SofaWare Management Server (SMS) |
18181 | tcp | FW1_cvp | Check Point OPSEC Content Vectoring Protocol - Protocol used for communication between FWM and AntiVirus Server |
18182 | tcp | FW1_ufp | Check Point OPSEC URL Filtering Protocol - Protocol used for communication between FWM and Server for Content Control (e.g. Web Content) |
18183 | tcp | FW1_sam | Check Point OPSEC Suspicious Activity Monitor API - Protocol e.g. for Block Intruder between SCt (or CMA) and FWM |
18184 | tcp | FW1_lea | Check Point OPSEC Log Export API - Protocol for exporting logs from SCt |
18185 | tcp | FW1_omi | Check Point OPSEC Objects Management Interface - Protocol used by applications having access to the ruleset saved at SCt |
18186 | tcp | FW1_omi-sic | Check Point OPSEC Objects Management Interface with SIC - Protocol used by applications having access to the ruleset saved at SCt |
18187 | tcp | FW1_ela | Check Point OPSEC Event Logging API - Protocol for applications logging to the Firewall log at SCt |
18190 | tcp | CPMI | Check Point Management Interface - Protocol for communication between GUI and SCt - Protocol for connections from MDG to MDS and CMA |
18191 | tcp | CPD | Check Point Daemon Protocol - Download of rulebase from SCt to FWM - Fetching rulebase, from FWM to SCt or CMA when starting FWM - Download of rulebase from MDS/CMA to FWM |
18192 | tcp | CPD_amon | Check Point Internal Application Monitoring - Protocol for getting System Status, from SCt or MDS/CMA to FWM |
18193 | tcp | FW1_amon | Check Point OPSEC Application Monitoring - Protocol for monitoring apps, e.g. from SCt to CVP server |
18202 | tcp | CP_rtm | Check Point Real Time Monitoring - Protocol used by SmartView Monitor |
18205 | tcp | CP_reporting | Check Point Reporting Client Protocol - Protocol used by Reporting client when connecting to Reporting Server (SCt) |
18207 | tcp | FW1_pslogon | Check Point Policy Server Logon protocol - Protocol used for download of Desktop Security from PS to SCl (4.x clients only) |
18208 | tcp | FW1_CPRID | Check Point Remote Installation Protocol - Protocol used from MM to FWM when installing Secure Updates. |
18209 | tcp | - not predefined - | Protocol used in SIC for communication between FWM and ICA (status, issue, revoke) |
18210 | tcp | FW1_ica_pull | Check Point Internal CA Pull Certificate Service - Protocol used by SIC for e.g. FWM pulling CA's from SCt |
18211 | tcp | FW1_ica_push | Check Point Internal CA Push Certificate Service - Protocol used by SIC for pushing CA's from SCt or CMA/MDS to FWM |
18212 | udp | FW1_load_agent | Check Point ConnectControl Load Agent - Default-Port for Load Agent running on load-balanced Servers (e.g. WWW, FTP) |
18221 | tcp | CP_redundant | Check Point Redundant Management Protocol - Protocol used for synchronizing primary and secondary SCt or CMA - Protocol used for synchronizing primary and secondary MDS |
18231 | tcp | FW1_pslogon_NG | Check Point NG Policy Server Logon protocol (NG) - Protocol used for download of Desktop Security from PS to SCl |
18232 | tcp | FW1_sds_logon | Check Point SecuRemote Distribution Server Protocol - Protocol for software distribution of Check Point components |
18233 | udp | FW1_scv_keep_alive | Check Point SecureClient Verification KeepAlive Protocol - Protocol for Secure Configuration Verification on SecureClient |
18234 | udp | tunnel_test | Check Point tunnel testing application - Protocol for testing applications through a VPN, used by SR/SCl |
18241 | udp | E2ECP | Check Point End to End Control Protocol - Protocol to check SLA's defined in Virtual Links by SmartView Monitor |
18264 | tcp | FW1_ica_services | Check Point Internal CA Fetch CRL and User Registration Services - Protocol for Certificate Revocation Lists and registering users when using the Policy Server - needed when e.g. FWM is starting |
18265 | tcp | FW1_ica_mgmt_tools | Check Point Internal CA Management Tools - Protocol for managing the ICA, also used for central administration of certificates on SCt. - needs to be started separately with the command cpca_client. |
18266 | tcp | CP_seam | Check Point SEAM Server Protocol |
19190 | tcp | FW1_netso | Check Point User Authority simple protocol - Protocol used in UA for connecting from UA Server to Web Plugin when authenticating users here |
19191 | tcp | FW1_uaa | Check Point OPSEC User Authority API - Protocol for connections to the UA Server |
19194 | udp | CP_SecureAgent-udp | SecureAgent Authentication service |
19195 | udp | CP_SecureAgent-udp | SecureAgent Authentication service |
60709 | tcp | - not predefined - | Internally used by SecurePlatform for web based system administration (process: cpwmd). It's bound to localhost, so no remote connect is possible. |
65524 | tcp | FW1_sds_logon_NG | Check Point SecuRemote Distribution Server Protocol - Protocol for software distribution of Check Point components in Next Generation |