Secure Remote NG - What ports does it use??

I had to upgrade to Secure Remote NG because the server on the other side was upgraded.  It seems that NG uses a different set of ports to communicate than the older version did.  I am not able to connect to the secure server with my firewall up.  When I bring my firewall down, I can telnet in just fine.

I need to know which ports Secure Remote NG uses to communicate with the server, so I can open them up on my firewall.  I have had a hard time finding this info.

Thanks.

Asked: barthalamu

The--Captain Commented:
I avoid checkpoint for just these reasons [it's crappy], but maybe this link will help...

http://www.firewall-1.org/2002-05/msg00318.html

In any case, can't you just resolve this with an appropriately-situated packet-sniffer?

Cheers,
-Jon





barthalamu (Author) Commented:
I didn't find what I was looking for from that link.  Thanks though.

Yes, I can use a packet sniffer, and will do that if no one knows or knows where to find out the exact ports that Secure Remote NG uses to communicate on.

The--Captain Commented:
If you can't find documentation on the ports in use, then a packet sniffer may be one of your only options - let me know how things proceed...

Cheers.
-Jon

 
roman0_mx Commented:
barthalamu

Download a sniffer / port scanner, for example Nmap (it's free).

Then run it against your firewall (or other devices) to see the open ports, and then try these open ports to connect.

http://www.insecure.org/

Ciao.

Tim Holman Commented:
No change - should just be the same ones as with 4.1.
From Check Point SecureKnowledge:

Which ports need to be opened for a SecuRemote session to be allowed through a filtering device such as FireWall-1?
 
Solution ID: 3.0.135325.2193947
Creation Date: 06/18/1999
Revised Date: 05/23/2002
Environment: SecuRemote 4.0, SecuRemote 4.1, SecureClient 4.1, SecuRemote NG, SecureClient NG, VPN-1/ FireWall-1, Ports, Protocol 50, Protocol 51, Protocol 94
 
Symptoms:
Unable to establish SecuRemote session with a remote Firewall-1 through a filtering device
 
Cause:
The filtering device has the following ports blocked:
* TCP Port 264
* TCP Port 256
* UDP Port 259
* UDP Port 500
* Protocol 94, 50 and 51.
 
Solution:
1. To download the topology, you need to open TCP port 256, whatever encryption scheme is used.

*  If using SecuRemote 4.1 or NG, then by default the topology will be downloaded on TCP port 264.

*  If using SecuRemote 4.1 with FireWall-1 3.0b or 4.0, SecuRemote will first try to get the topology on port 264; if it is not successful after 30 seconds, it will try on port 256.
See the Solution: Topology Download problems with SecuRemote 4.1/FireWall-1 4.1 to learn more about this issue.

*  If using SecuRemote 3.0 or 4.0 with FireWall-1 4.1, add a rule in FireWall-1, that accepts connections from SecuRemote users to the SecuRemote server on port 256.

2. To establish a connection between SecuRemote Client and the server:
If using the FWZ encryption scheme, open UDP port 259 for the Authentication.

NOTE: If not using encapsulation, create rules to allow the actual traffic.
If using encapsulation, just add one rule allowing traffic on protocol 94 (0x5e) which is the new IP protocol number.
For ISAKMP, open UDP port 500 (ISAKMP service) for Authentication, and allow traffic on protocol 50 (0x32) and 51 (0x33) which are the new protocol numbers for ISAKMP.

NOTE:  If the Firewall in the middle is FireWall-1 then you need to allow IPSEC and fw1-topo services.
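
An added example, not part of the thread or of Check Point's article: it encodes the port and protocol list quoted above as a function of the client's encryption scheme, then checks a firewall drop log for required flows that are being blocked. The log lines are constructed in iptables LOG style, the gateway address is a placeholder, and the function names and the `legacy_topology` switch are assumptions made for the example.

```python
import re

_IP_PROTO = {"ESP": "50", "AH": "51"}   # names iptables logs for protocols 50/51
_FIELD = re.compile(r"(\w+)=(\S*)")

def required_flows(scheme, encapsulation=False, legacy_topology=False):
    """Flows (protocol, dest port or None) the quoted article says to allow."""
    # Topology download: TCP 264 by default on 4.1/NG, TCP 256 for older peers.
    # legacy_topology is a simplification added for this example.
    flows = {("tcp", 256 if legacy_topology else 264)}
    if scheme == "fwz":
        flows.add(("udp", 259))             # FWZ authentication
        if encapsulation:
            flows.add(("94", None))         # FWZ encapsulation (IP protocol 94)
    elif scheme == "ike":
        flows |= {("udp", 500), ("50", None), ("51", None)}
    else:
        raise ValueError(f"unknown scheme: {scheme!r}")
    return flows

def parse_drop(line):
    """Parse one key=value drop-log line into (dst, protocol, dest port)."""
    f = dict(_FIELD.findall(line))
    if "DST" not in f or "PROTO" not in f:
        return None                         # not a packet record
    proto = _IP_PROTO.get(f["PROTO"], f["PROTO"]).lower()
    dport = int(f["DPT"]) if proto in ("tcp", "udp") and "DPT" in f else None
    return f["DST"], proto, dport

def blocked_required(log_lines, gateway, needed):
    """Required flows toward `gateway` that show up in the drop log."""
    hits = set()
    for line in log_lines:
        rec = parse_drop(line)
        if rec and rec[0] == gateway and rec[1:] in needed:
            hits.add(rec[1:])
    return sorted(hits, key=str)

# Constructed sample: iptables LOG style, documentation-range addresses.
SAMPLE_LOG = [
    "FW-DROP: IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=1045 DPT=264",
    "FW-DROP: IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=500 DPT=500",
    "FW-DROP: IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=ESP SPI=0x1f2e3d4c",
    "FW-DROP: IN= OUT=eth0 SRC=198.51.100.7 DST=203.0.113.9 PROTO=TCP SPT=1046 DPT=80",
    "FW-DROP: IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=1047 DPT=23",
]

if __name__ == "__main__":
    for flow in blocked_required(SAMPLE_LOG, "192.0.2.10", required_flows("ike")):
        print("required flow is being dropped:", flow)
```

Only the flows the article lists for the chosen scheme are reported, so the dropped telnet attempt (TCP 23) and traffic to other hosts are not flagged as rules to open.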




barthalamu (Author) Commented:
Thank you so much.

The--Captain Commented:
A packet sniffer would have gotten you your answer in 4 minutes, not four days

roman0_mx - nmap is not a sniffer, unless you know something I don't.

Kudos to Tim, though, for finding the info...

Cheers,
-Jon