Hi Chi-Lien,
Well, the ports FireWall-1 uses for communication are these (I made a table of them....):
Name of service     | Description                                                    | TCP or UDP | Port number
--------------------|----------------------------------------------------------------|------------|------------
FW1                 | Check Point VPN-1 & FireWall-1 Service                         | TCP        | 256
FW1_log             | Check Point VPN-1 & FireWall-1 Logs                            | TCP        | 257
FW1_mgmt            | Check Point Management                                         | TCP        | 258
FW1_clntauth_telnet | Check Point VPN-1 & FireWall-1 Client Authentication (Telnet)  | TCP        | 259
FW1_snmp            | Check Point VPN-1 & FireWall-1 SNMP Agent                      | UDP        | 260
FW1_snauth          | Check Point VPN-1 & FireWall-1 Session Authentication          | TCP        | 261
FW1_top             | Check Point VPN-1 SecuRemote Topology Requests                 | TCP        | 264
FW1_key             | Check Point VPN-1 Public Key Transfer Protocol                 | TCP        | 265
FW1_clntauth_http   | Check Point VPN-1 & FireWall-1 Client Authentication (HTTP)    | TCP        | 900
FW1_cvp             | Check Point OPSEC Content Vectoring Protocol                   | TCP        | 18181
FW1_ufp             | Check Point OPSEC URL Filtering Protocol                       | TCP        | 18182
FW1_sam             | Check Point OPSEC Suspicious Activity Monitor API              | TCP        | 18183
FW1_lea             | Check Point OPSEC Log Export API                               | TCP        | 18184
FW1_ela             | Check Point OPSEC Event Logging API                            | TCP        | 18187
FW1_ipslogon        | Policy Server Logon protocol                                   | TCP        | 18207
FW1_CPRD            | Check Point Remote Installation Protocol                       | TCP        | 18208
FW1_netso           | NetSO Authority protocol                                       | TCP        | 19190
Some of these are included in implicit pseudo-rules, which you can view by choosing View from the menu and then clicking on Implied pseudo-rules. Pay attention to the fact that you may not be using all of them....

I suggest you harden your operating system in order to close unnecessary ports. For OS hardening I suggest the following whitepapers:
About training in CheckPoint Fw-1.... Well, I can say that when I began with the product documentation it was a headache for me to understand the product architecture. Too many terms: inspect engine, fw module, inspection module, enterprise security console, fw management console. Some of them refer to the same thing, but I don't know why the CKP Software Technologies documentation team likes to have many, many names to designate exactly the same thing.

It was a great challenge for me. But you can acquire the concepts and terms if you have a little patience. You may have to read the docs many times.

I can't tell you if the CCSA or CCSE student material was better than the product documentation, because I had access to it when I was more experienced with Fw-1. But I think it is easier to read.

If you or your company can afford a CCSA or CCSE course, welcome....
I hope this can help you.
Best regards,
Fabiola Mayorca
-----------------------------------------------------
Fabiola Daniela Mayorca Arellano
CCSE & CCSA CheckPoint Certified Security Engineer / Administrator
Telefónica Sistemas, sucursal Perú.
Los Sauces 374 Piso 10/11 Edificio La Torre Roja.
San Isidro - Lima 27
Latin America
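An added example, not part of either message in this thread: a small audit that cross-checks a host's listening sockets against the FireWall-1 service table above, separating FW-1 services the policy actually uses from ones that merely happen to be listening (candidates to restrict when hardening the OS). The netstat-style lines and the "services in use" set are constructed assumptions standing in for the reader's own output and rulebase.

```python
import re

# Service table as given in the reply: (protocol, port) -> service name
FW1_SERVICES = {
    ("tcp", 256): "FW1", ("tcp", 257): "FW1_log", ("tcp", 258): "FW1_mgmt",
    ("tcp", 259): "FW1_clntauth_telnet", ("udp", 260): "FW1_snmp",
    ("tcp", 261): "FW1_snauth", ("tcp", 264): "FW1_top", ("tcp", 265): "FW1_key",
    ("tcp", 900): "FW1_clntauth_http", ("tcp", 18181): "FW1_cvp",
    ("tcp", 18182): "FW1_ufp", ("tcp", 18183): "FW1_sam", ("tcp", 18184): "FW1_lea",
    ("tcp", 18187): "FW1_ela", ("tcp", 18207): "FW1_ipslogon",
    ("tcp", 18208): "FW1_CPRD", ("tcp", 19190): "FW1_netso",
}

# Constructed `netstat -an` style sample, not a real capture.
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:256      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:257      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:258      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:259      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:18184    0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:23       0.0.0.0:*        LISTEN
udp        0      0 0.0.0.0:260      0.0.0.0:*
tcp        0      0 10.0.0.5:257     10.0.0.9:40123   ESTABLISHED
"""

# proto, recv-q, send-q, local addr:port, foreign addr, optional state
LINE_RE = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def listening_sockets(netstat_text):
    """Return the set of (proto, port) that accept traffic (UDP has no LISTEN state)."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, port, state = m.group(1), int(m.group(2)), m.group(3)
        if proto == "udp" or state == "LISTEN":
            found.add((proto, port))
    return found

def audit(netstat_text, services_in_use):
    """Classify each open socket: FW-1 service the policy uses, FW-1 service it
    does not use (review/restrict), or a non-FW-1 port to justify separately."""
    report = {"in_use": {}, "unused_fw1": {}, "other": set()}
    for sock in sorted(listening_sockets(netstat_text)):
        name = FW1_SERVICES.get(sock)
        if name is None:
            report["other"].add(sock)
        elif name in services_in_use:
            report["in_use"][sock] = name
        else:
            report["unused_fw1"][sock] = name
    return report

if __name__ == "__main__":
    # Assumed policy: this gateway needs control, logs, management and LEA only.
    for key, val in audit(SAMPLE_NETSTAT, {"FW1", "FW1_log", "FW1_mgmt", "FW1_lea"}).items():
        print(key, val)
```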
----- Original Message -----
Sent: Monday, November 06, 2000 2:05 PM
Subject: [FW1] open ports
Dear All,
I am a beginner trying to use this product.
Two simple questions about the FW:
1. What port numbers does the FW use? Should I close most of the "listening" ones? And how?
2. Any recommendation about what books I should start with (except the manuals), or should I just go to the class and get trained that way?
Thanks for any advice.
Best, Chi-lien Lee