Wednesday, November 30, 2011

Security Gateway communication ports

=============================


TCP Port 256 is used for:

  • Exchange of CA and DH keys in FWZ and SKIP encryption between two Security Gateways (FireWall-1 modules).
  • Fetching the network topology and encryption keys from a Security Management server.
  • Pushing the Security Policy from the Security Management server to a remote gateway.

TCP Port 257 is used for logging purposes.

TCP Port 258 is used by the remote GUI.

TCP Port 259 is used for Client Authentication.

UDP Port 259 is used in FWZ encryption to manage the encrypted session.

UDP Port 260 and UDP Port 261 are used for the SNMP daemon.

TCP Port 262 is used by netsod, which is the Single Sign-on Daemon.

TCP Port 264 is used by SecureClient to fetch the network topology and encryption keys from the Security Management server. A Security Gateway listens on this port only when it is also the Security Management server.

UDP Port 500 is used for IKE negotiations.

TCP Port 900 is used by Client Authentication via HTTP.

TCP Port 4532 is used by the Session Authentication agent.

TCP Port 18181 is used for CVP (Content Vectoring Protocol). The gateway connects out to the CVP server on this port; the Security Gateway itself does not listen on it.

TCP Port 18182 is used for UFP (URL Filtering Protocol). As with CVP, the UFP server listens on this port; the Security Gateway itself does not.

TCP Port 18183 is used for SAM (Suspicious Activity Monitoring).

TCP Port 18184 is used for Log Export API (LEA).

TCP Port 18190 (CPMI) is used by the FWM process, which listens on it for SmartConsole connections to the Security Management server.

TCP Port 18191 (CPD) is used by the CPD process for communications such as Security policy installation, certificate revocation and status queries.

TCP Port 18192 (CPD_amon) is used by the CPD process for the Application Monitoring.

TCP Port 18196 is used for CPEPS, which is part of User Monitor.

TCP Port 18207 is used by polsrvd, which is the Single Sign-on Daemon.

TCP Port 18210 (FW1_ica_pull): the CPD process on the Security Management server listens on this port so that a gateway can "pull" its certificate from the Security Management server.

TCP Port 18211 (FW1_ica_push): the Check Point Daemon (CPD) process running on the gateway listens on this port for certificate creation, so that the Security Management server can "push" the certificate to the gateway.
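As an added check (not part of the original post, and not Check Point's own tooling), the following POSIX shell function reads netstat -an style output on stdin, labels each listening socket with the purpose from the list above, and flags listeners that the list says do not belong on a plain gateway: the management-server ports 264, 18190 and 18210, and the CVP/UFP server ports 18181 and 18182. Anything listening on a port not in the list is marked for review. The netstat sample is constructed, and the role names gateway and management are this example's own convention.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes only POSIX sh, awk and
# "netstat -an" style input (Linux "0.0.0.0:256" or BSD/IPSO "*.256" local
# address syntax are both accepted).

# cp_port_audit [gateway|management]  -- reads netstat -an on stdin
cp_port_audit() {
    role=${1:-gateway}
    awk -v role="$role" '
    BEGIN {
        # port -> purpose, taken from the list above
        svc["tcp/256"]   = "topology/key fetch, policy push"
        svc["tcp/257"]   = "logging"
        svc["tcp/258"]   = "remote GUI"
        svc["tcp/259"]   = "Client Authentication"
        svc["udp/259"]   = "FWZ encrypted session management"
        svc["udp/260"]   = "SNMP daemon"
        svc["udp/261"]   = "SNMP daemon"
        svc["tcp/262"]   = "netsod (Single Sign-on)"
        svc["tcp/264"]   = "SecureClient topology fetch"
        svc["udp/500"]   = "IKE"
        svc["tcp/900"]   = "Client Authentication via HTTP"
        svc["tcp/4532"]  = "Session Authentication agent"
        svc["tcp/18181"] = "CVP"
        svc["tcp/18182"] = "UFP"
        svc["tcp/18183"] = "SAM"
        svc["tcp/18184"] = "LEA"
        svc["tcp/18190"] = "CPMI (fwm)"
        svc["tcp/18191"] = "CPD"
        svc["tcp/18192"] = "CPD_amon"
        svc["tcp/18196"] = "CPEPS"
        svc["tcp/18207"] = "polsrvd (Single Sign-on)"
        svc["tcp/18210"] = "FW1_ica_pull"
        svc["tcp/18211"] = "FW1_ica_push"
        # listeners the list places on the Security Management server only
        mgmt_only["tcp/264"] = 1; mgmt_only["tcp/18190"] = 1; mgmt_only["tcp/18210"] = 1
        # listeners that live on an external OPSEC server, never on the gateway
        ext_only["tcp/18181"] = 1; ext_only["tcp/18182"] = 1
    }
    /^(tcp|udp)/ {
        proto = substr($1, 1, 3)                      # tcp6/udp6 -> tcp/udp
        if (proto == "tcp" && $NF != "LISTEN") next   # listening sockets only
        n = split($4, a, /[:.]/)                      # "0.0.0.0:256" or "*.256"
        key = proto "/" a[n]
        if (key in ext_only)
            verdict = "UNEXPECTED: CVP/UFP server port"
        else if (role == "gateway" && (key in mgmt_only))
            verdict = "UNEXPECTED: management-server port"
        else if (!(key in svc))
            verdict = "REVIEW: not a Check Point port"
        else
            verdict = "ok"
        printf "%-10s %-36s %s\n", key, ((key in svc) ? svc[key] : "unknown"), verdict
    }'
}

# Constructed netstat -an sample: a gateway that is also exposing fwm's CPMI
# port, a CVP port and a stray web listener.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:256             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:18191           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:18211           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:18190           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:18181           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.1:18191          10.0.0.9:40312          ESTABLISHED
udp        0      0 0.0.0.0:500             0.0.0.0:*
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN'

# Usage: on a live box run  netstat -an | cp_port_audit gateway
printf '%s\n' "$SAMPLE_NETSTAT" | cp_port_audit gateway
```

On a real box pipe netstat -an (Gaia) or netstat -an on IPSO into the function and pass management when the host is the Security Management server, so that 264, 18190 and 18210 are treated as expected there.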

Friday, November 25, 2011

Checkpoint : clusterxl Down

Today I got a problem in one of the new firewalls which I was building: cphaprob showed the state as "down" for one of the firewalls. So I decided to run the cphaprob -i list command on the problematic box, and I found that FIB was creating the issue. Now, what is FIB? Fingers crossed....

[Expert@Firewall]# cphaprob -i list

Built-in Devices:

Device Name: Interface Active Check
Current state: problem

Device Name: HA Initialization
Current state: OK

Registered Devices:

Device Name: Synchronization
Registration number: 0
Timeout: none
Current state: OK
Time since last report: 96.5 sec

Device Name: Filter
Registration number: 1
Timeout: none
Current state: OK
Time since last report: 96.5 sec

Device Name: cphad
Registration number: 2
Timeout: 2 sec
Current state: OK
Time since last report: 0.3 sec

Device Name: fwd
Registration number: 3
Timeout: 2 sec
Current state: OK
Time since last report: 0.6 sec

Device Name: FIB
Registration number: 4
Timeout: none
Current state: problem
Time since last report: 7.8 sec


FIB is nothing but the device responsible for dynamic routing in Check Point, which I was not supposed to enable. I disabled it through cpconfig and rebooted (to be on the safe side), and that fixed the issue...

This stupid issue drove me mad for a while...
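As an added example (not part of the original post): a POSIX shell check that reads cphaprob -i list output on stdin and reports every device whose Current state is not OK, which is what had to be spotted by eye in the listing above. It goes one step beyond the post by also flagging a device whose "Time since last report" already exceeds its numeric Timeout, a pnote that is about to be declared a problem. The sample listing is the one from the post; it assumes only sh and awk.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes POSIX sh and awk only.

# cphaprob_problems  -- reads "cphaprob -i list" output on stdin.
# Prints "<state>\t<device>" for every device not in state OK, and
# "STALE (...)\t<device>" when a device with a numeric Timeout has not
# reported within it. Returns 1 if anything was printed, 0 if all healthy.
cphaprob_problems() {
    awk -F': *' '
        /^Device Name:/            { dev = $2; timeout = "" }
        /^Timeout:/                { timeout = $2 }            # "2 sec" or "none"
        /^Current state:/          { if ($2 != "OK") { printf "%s\t%s\n", $2, dev; bad++ } }
        /^Time since last report:/ {
            age = $2; sub(/ sec$/, "", age)
            if (timeout ~ /^[0-9]+ sec$/) {
                limit = timeout; sub(/ sec$/, "", limit)
                if (age + 0 > limit + 0) {
                    printf "STALE (%s s since report, timeout %s s)\t%s\n", age, limit, dev
                    bad++
                }
            }
        }
        END { exit (bad > 0) }'
}

# The cphaprob -i list output from the post above, used as a stand-alone sample.
SAMPLE_CPHAPROB='Built-in Devices:

Device Name: Interface Active Check
Current state: problem

Device Name: HA Initialization
Current state: OK

Registered Devices:

Device Name: Synchronization
Registration number: 0
Timeout: none
Current state: OK
Time since last report: 96.5 sec

Device Name: Filter
Registration number: 1
Timeout: none
Current state: OK
Time since last report: 96.5 sec

Device Name: cphad
Registration number: 2
Timeout: 2 sec
Current state: OK
Time since last report: 0.3 sec

Device Name: fwd
Registration number: 3
Timeout: 2 sec
Current state: OK
Time since last report: 0.6 sec

Device Name: FIB
Registration number: 4
Timeout: none
Current state: problem
Time since last report: 7.8 sec'

# Usage: on a cluster member run  cphaprob -i list | cphaprob_problems
if printf '%s\n' "$SAMPLE_CPHAPROB" | cphaprob_problems; then
    echo "cluster member healthy"
else
    echo "cluster member has problem devices (listed above)"
fi
```

Run against the sample it prints the two offenders, Interface Active Check and FIB, and exits 1, which makes it usable directly from a monitoring script or cron job.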

Thursday, November 24, 2011

IPSO - Terminate Service Gracefully

The 'kill' command can be used to do this, following the process below:



1. Locate the process identification number (PID) of the process you wish to terminate by running the command:


nokia[admin]# ps -auxwww

USER   PID  %CPU %MEM  VSZ  RSS TT  STAT STARTED  TIME    COMMAND
root  1751   0.0  0.0  472  208 d0  R+   11:50AM  0:00.01 ps -auxwww
root     1   0.0  0.0  356  172 ??  Is    8:19AM  0:00.01 /sbin/init --
root     2   0.0  0.0    0    0 ??  DL    8:19AM  0:00.00 (pagedaemon)
root     3   0.0  0.0    0    0 ??  DL    8:19AM  0:00.00 (vmdaemon)
root     4   0.0  0.0    0    0 ??  DL    8:19AM  0:00.30 (update)
root   133   0.0  0.1 1400 1120 ??  Is    8:21AM  0:00.08 /bin/pm
root   146   0.0  0.1  204  560 ??  Ss    8:21AM  0:00.08 /usr/sbin/syslogd -t -6
root   176   0.0  0.0  472  336 ??  I     8:21AM  0:00.02 /bin/csh -fb /opt/CPsuite-R65/svn/bin/cprid_wd
root   181   0.0  0.9 4996 7116 ??  I     8:21AM  0:00.33 /opt/CPsuite-R65/svn/bin/cprid
root   298   0.0  0.3 1128 2216 ??  Ss    8:21AM  0:00.73 /bin/httpd -d /web
root   310   0.0  0.3 7096 2404 ??  Ss    8:21AM  0:00.13 /bin/ipsrd -N
root   313   0.0  0.5 2244 3836 ??  Ss    8:21AM  0:12.67 /bin/xpand
root   314   0.0  0.1  764 1056 ??  Is    8:21AM  0:00.82 /bin/ifm /config/active
root   364   0.0  0.3 1080 2532 ??  Is    8:21AM  0:00.48 /opt/CPsuite-R65/svn/bin/cpwd
root   382   0.0  0.1  184  620 ??  Is    8:21AM  0:00.00 /usr/sbin/inetd -n
root   383   0.0  0.2  252 1204 ??  Is    8:21AM  0:00.01 /opt/CPsuite-R65/bin/ifwd
root   384   0.0  0.6 3012 4956 ??  Is    8:21AM  0:05.79 /bin/clishd default server


2. Terminate the process gracefully by running the command:


nokia[admin]# kill -HUP [PID of the process to be terminated]


NOTE: Some processes are monitored by a watchdog, which will respawn the process as soon as it is terminated. On IPSO that is the process manager pm (/bin/pm in the listing above); Check Point's own processes are watched by cpwd (/opt/CPsuite-R65/svn/bin/cpwd above). Confirm with a second ps that the process really stayed down, and that it did not simply come back under a new PID.



To terminate a process that may be monitored by the watchdog, the following command may be used:


nokia[admin]# dbset process:[exact name of the process]


To restart a process terminated using the above method you can issue the following command:


nokia[admin]# dbset process:[exact name of the process] t


It is always a good idea to save the configuration database after any dbset change, by issuing the command:


nokia[admin]# dbset :save
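The procedure above, as an added example that is not from the original post: a POSIX shell script that finds the PID from a ps -auxwww style listing, sends SIGHUP, waits for the process to really exit (a zombie still answers kill -0, so the state column from ps is checked instead), and tells you whether a watchdog has put the process back under a new PID. It assumes only sh, awk, ps and kill; the dbset commands are IPSO-only and are therefore not reproduced in it, and the sample listing is made of rows copied from the ps output above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes POSIX sh, awk, ps, kill.

# find_pid_by_cmd CMD  -- reads a "ps -auxwww" style listing on stdin and
# prints the PID whose COMMAND (field 11 onward) equals CMD or starts with
# "CMD " (so /bin/httpd matches "/bin/httpd -d /web" but not /bin/httpd2).
find_pid_by_cmd() {
    awk -v want="$1" '
        NR == 1 && $1 == "USER" { next }          # skip the header line
        NF >= 11 {
            cmd = $11
            for (i = 12; i <= NF; i++) cmd = cmd " " $i
            if (cmd == want || index(cmd, want " ") == 1) { print $2; exit }
        }'
}

# alive PID  -- 0 if the process exists and is not a zombie, 1 otherwise.
# "kill -0" is not enough: a zombie that has not been reaped still answers it.
alive() {
    st=$(ps -p "$1" -o stat= 2>/dev/null || true)
    case $st in
        ""|*Z*) return 1 ;;
        *)      return 0 ;;
    esac
}

# hup_and_wait PID [SECONDS]  -- send SIGHUP (the graceful signal used above)
# and poll up to SECONDS for the process to exit. Returns 0 once it is gone,
# 1 if it is still running; only then is "kill -9" worth considering.
hup_and_wait() {
    pid=$1; secs=${2:-5}
    alive "$pid" || return 0
    kill -HUP "$pid" 2>/dev/null || return 0
    while [ "$secs" -gt 0 ]; do
        alive "$pid" || return 0
        sleep 1
        secs=$((secs - 1))
    done
    return 1
}

# respawned CMD OLDPID  -- 0 if a process with the same command line is back
# under a different PID (a watchdog restarted it), 1 otherwise. The ps format
# mirrors the 11-column listing above; etime is used for the START column
# because it is always a single token.
respawned() {
    newpid=$(ps -A -o user,pid,pcpu,pmem,vsz,rss,tty,stat,etime,time,args 2>/dev/null \
             | find_pid_by_cmd "$1")
    [ -n "$newpid" ] && [ "$newpid" != "$2" ]
}

# Sample listing: rows copied from the ps -auxwww output above.
SAMPLE_PS='USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 298 0.0 0.3 1128 2216 ?? Ss 8:21AM 0:00.73 /bin/httpd -d /web
root 310 0.0 0.3 7096 2404 ?? Ss 8:21AM 0:00.13 /bin/ipsrd -N
root 384 0.0 0.6 3012 4956 ?? Is 8:21AM 0:05.79 /bin/clishd default server'

# Usage: dry run against the sample (prints 298), then a real HUP of a
# throwaway sleep so the exit/respawn logic can be seen working.
printf '%s\n' "$SAMPLE_PS" | find_pid_by_cmd /bin/httpd
sleep 300 &
victim=$!
if hup_and_wait "$victim" 5; then
    if respawned "sleep 300" "$victim"; then
        echo "pid $victim exited but was respawned by a watchdog"
    else
        echo "pid $victim exited on SIGHUP and stayed down"
    fi
else
    echo "pid $victim ignored SIGHUP; consider kill -9"
fi
```

On IPSO the live sequence is: pid=$(ps -auxwww | find_pid_by_cmd /bin/httpd), then hup_and_wait "$pid", and if respawned /bin/httpd "$pid" reports it back, fall through to the dbset process:httpd step from the post instead of escalating to kill -9.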

============================


kill -HUP or kill -9
dbset process:snmpd
dbset process:clishd
dbset process:httpd
dbset :save