Solved

Secure Remote NG - What ports does it use??

Posted on 2002-06-28
Last Modified: 2007-11-27
I had to upgrade to Secure Remote NG because the server on the other side was upgraded.  It seems that NG uses a different set of ports to communicate than the older version did.  I am not able to connect to the secure server with my firewall up.  When I bring my firewall down, I can telnet in just fine.

I need to know which ports that Secure Remote NG uses to communicate with the server, so I can open them up on my firewall.  I have had a hard time finding this info.

Thanks.
Question by:barthalamu
7 Comments
 
LVL 16

Expert Comment

by:The--Captain
ID: 7119725
I avoid checkpoint for just these reasons [it's crappy], but maybe this link will help...

http://www.firewall-1.org/2002-05/msg00318.html

In any case, can't you just resolve this with an appropriately-situated packet-sniffer?

Cheers,
-Jon





0
 

Author Comment

by:barthalamu
ID: 7120931
I didn't find what I was looking for from that link.  Thanks though.

Yes, I can use a packet sniffer, and will do that if no one knows or knows where to find out the exact ports that Secure Remote NG uses to communicate on.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 7121301
If you can't find documentation on the ports in use, then a packet sniffer may be one of your only options - let me know how things proceed...

Cheers.
-Jon
0
 
LVL 1

Expert Comment

by:roman0_mx
ID: 7122613
barthalamu

Download a sniffer / port scanner, for example Nmap (it's free).

And run it against your firewall (or other devices) to see the open ports, and then try these open ports to connect.

http://www.insecure.org/

Ciao.
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 2000 total points
ID: 7125158
No change - should just be the same ones as with 4.1.
From Check Point SecureKnowledge:

Which ports need to be opened for a SecuRemote session to be allowed through a filtering device such as FireWall-1?
 
Solution ID: 3.0.135325.2193947
Creation Date: 06/18/1999
Revised Date: 05/23/2002
 
 
Environment: SecuRemote 4.0, SecuRemote 4.1, SecureClient 4.1, SecuRemote NG, SecureClient NG, VPN-1/ FireWall-1, Ports, Protocol 50, Protocol 51, Protocol 94
 
Symptoms:
Unable to establish SecuRemote session with a remote Firewall-1 through a filtering device
 
Cause:
The filtering device has the following ports blocked:

*  TCP Port 264
*  TCP Port 256
*  UDP Port 259
*  UDP Port 500
*  Protocol 94, 50 and 51
 
Solution:
1. To download the topology, you need to open TCP port 256, whatever encryption scheme is used.

*  If using SecuRemote 4.1 or NG, then by default the topology will be downloaded on TCP port 264.

*  If using SecuRemote 4.1 with FireWall-1 3.0b or 4.0, SecuRemote will first try to get the topology on port 264; if it is not successful after 30 seconds, it will try on port 256.
See the Solution: Topology Download problems with SecuRemote 4.1/FireWall-1 4.1 to learn more about this issue.

*  If using SecuRemote 3.0 or 4.0 with FireWall-1 4.1, add a rule in FireWall-1, that accepts connections from SecuRemote users to the SecuRemote server on port 256.

2. To establish a connection between SecuRemote Client and the server:
If using the FWZ encryption scheme, open UDP port 259 for the Authentication.

NOTE: If not using encapsulation, create rules to allow the actual traffic.
If using encapsulation, just add one rule allowing traffic on protocol 94 (0x5e) which is the new IP protocol number.
For ISAKMP, open UDP port 500 (ISAKMP service) for Authentication, and allow traffic on protocol 50 (0x32) and 51 (0x33) which are the new protocol numbers for ISAKMP.

NOTE:  If the Firewall in the middle is FireWall-1 then you need to allow IPSEC and fw1-topo services.




0
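The requirements in the quoted SecureKnowledge article, turned into a check of a filtering device's allow-list. This is an added example, not part of the original answer and not Check Point code. The function names, the version strings and the reading that a 4.1/NG client needs TCP 256 only in the fallback case are assumptions made here.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    proto: str    # "tcp", "udp", or "ip" for a raw IP protocol number
    number: int   # port for tcp/udp, IP protocol number for "ip"
    purpose: str

def required_flows(client, gateway, scheme, encapsulation=True):
    """Flows a filter between client and gateway must pass, per the article.

    client/gateway: "3.0", "3.0b", "4.0", "4.1" or "NG" (labels assumed here).
    scheme: "FWZ" or "IKE" (the article calls the latter ISAKMP).
    """
    flows = []
    # Step 1: topology download.
    if client in ("4.1", "NG"):
        flows.append(Flow("tcp", 264, "topology download"))
        # A 4.1 client falls back to 256 after 30 s against older gateways.
        if client == "4.1" and gateway in ("3.0b", "4.0"):
            flows.append(Flow("tcp", 256, "topology download fallback"))
    else:
        flows.append(Flow("tcp", 256, "topology download"))
    # Step 2: authentication and the encrypted traffic itself.
    if scheme == "FWZ":
        flows.append(Flow("udp", 259, "FWZ authentication"))
        if encapsulation:
            flows.append(Flow("ip", 94, "FWZ encapsulated traffic"))
        # Without encapsulation the article requires rules for the actual
        # application traffic, which cannot be enumerated here.
    elif scheme == "IKE":
        flows.append(Flow("udp", 500, "ISAKMP authentication"))
        flows.append(Flow("ip", 50, "IPsec traffic"))
        flows.append(Flow("ip", 51, "IPsec traffic"))
    else:
        raise ValueError(f"unknown encryption scheme: {scheme!r}")
    return flows

def missing_rules(flows, allowed):
    """Return the required flows absent from a set of (proto, number) pairs."""
    return [f for f in flows if (f.proto, f.number) not in allowed]

if __name__ == "__main__":
    # Constructed allow-list: port rules added, IP protocol rules forgotten.
    allowed = {("tcp", 264), ("udp", 500)}
    for f in missing_rules(required_flows("NG", "NG", "IKE"), allowed):
        print(f"blocked: {f.proto} {f.number} ({f.purpose})")
```

A filter that only understands TCP and UDP port rules will show the protocol 50, 51 or 94 entries as missing, which matches the symptom of the topology download succeeding while the session itself fails.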
 

Author Comment

by:barthalamu
ID: 7125230
Thank you so much.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 7128220
A packet sniffer would have gotten you your answer in 4 minutes, not four days.

roman0_mx - nmap is not a sniffer, unless you know something I don't.

Kudos to Tim, though, for finding the info...

Cheers,
-Jon
0


Question has a verified solution.
