At 10:26 AM 8/9/99 -0400, Vic Metcalfe wrote:
Hi,

I recently installed Checkpoint Firewall-1 on an NT Server, and I found
something odd when I was checking it with a series of port scans.
Everything turned out as expected except for open tcp ports 256, 257 and
258.  What makes this stranger is that these ports were only found open on a
bogus address used for NAT from the Internet to a Domino server inside the
LAN.  There were only three (non-implicit) rules, one for traffic to the
Domino server, one for traffic from the Domino server, and one to reject all
other packets, to make the port scan go more smoothly.

If this is a FAQ then you have my apologies;  please just point me in the
right direction.


Sounds like you accepted the Firewall-1 default of "Accept Firewall-1 Control Connections".  When you do this, you open up these ports.  From www.phoneboy.com

TCP Port 256 is used for three important things:
  - Exchange of CA and DH keys in FWZ and SKIP encryption between two FireWall-1 Management Consoles.
  - A SecuRemote Client uses this port to fetch the network topology and encryption key from a FireWall-1 Management Console.
  - When installing a policy, the management console uses this port to push the policy to the remote firewall.
TCP Port 257 is used by a remote firewall module to send logs to a management console.
TCP Port 258 is used by the fwpolicy remote GUI.

Some fw-1 admins reject the defaults and add explicit rules for connections to these ports.

-- Joe
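As an added illustration of Joe's point (not code from the thread or from Check Point): a tiny first-match rulebase simulator showing why the explicit "reject everything else" rule never gets a chance to block TCP 256-258 when the control-connections property is on. It assumes, as Check Point's default ordering does, that the implied rule is placed ahead of the explicit rulebase; the addresses and the Domino service list are constructed.

```python
# Added example, not from the original thread. Simulates first-match
# evaluation of a rulebase where the "Accept FireWall-1 Control
# Connections" property inserts an implied rule ahead of the explicit rules.
from dataclasses import dataclass
from typing import Dict, List, Optional

FW1_CONTROL_PORTS = frozenset({256, 257, 258})
ANY = "any"


@dataclass(frozen=True)
class Rule:
    src: str                    # source address or ANY
    dst: str                    # destination address or ANY
    ports: Optional[frozenset]  # None means any service
    action: str                 # "accept" or "reject"


def implied_rules(control_connections_enabled: bool) -> List[Rule]:
    # Assumption: the implied rule sits in the "First" position, so it is
    # consulted before anything the admin wrote.
    if not control_connections_enabled:
        return []
    return [Rule(ANY, ANY, FW1_CONTROL_PORTS, "accept")]


def explicit_rules(domino_nat: str, domino_services: frozenset) -> List[Rule]:
    # The three explicit rules from the original post, in order.
    return [
        Rule(ANY, domino_nat, domino_services, "accept"),   # to Domino
        Rule(domino_nat, ANY, None, "accept"),              # from Domino
        Rule(ANY, ANY, None, "reject"),                     # reject the rest
    ]


def matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    return (rule.src in (ANY, src) and rule.dst in (ANY, dst)
            and (rule.ports is None or port in rule.ports))


def evaluate(rulebase: List[Rule], src: str, dst: str, port: int) -> str:
    for rule in rulebase:            # first match wins
        if matches(rule, src, dst, port):
            return rule.action
    return "drop"                    # implicit cleanup if nothing matched


def scan_verdicts(control_on: bool, scanner: str, domino_nat: str,
                  domino_services: frozenset, ports: List[int]) -> Dict[int, str]:
    rb = implied_rules(control_on) + explicit_rules(domino_nat, domino_services)
    return {p: evaluate(rb, scanner, domino_nat, p) for p in ports}
```

Disabling the property (or replacing it with an explicit rule whose source is only the management console) makes the same probe fall through to the reject rule.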
