AFAIK, port 264 is used for topology download. Thus, if you download it only
from your local network AND you don't plan to change it frequently, closing
port 264 could be feasible. Else, you would be unable to update topology
from remote locations.
Just my 0,02
NA
-----Original Message-----
I don't think the secure clients require port 264 to communicate with the
FW. The clients use IPSEC, which uses udp port 500 and protocol 5051.
Regards,
Judie
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Raymond
Jacob
All,
We are running Checkpoint NG FP4 and while running various kinds of scans on the FW
from the internet, we find that ports 264 and 18264 are open. With this we understand
that it is possible for users to telnet to the FW on these 2 ports (264 and 18264)
and refine their attacks by using the
On Thursday, 1 July 2004 13:28, Ajay Mal wrote:
All,
We are running Checkpoint NG FP4 and while running various kinds of scans on
the FW from the internet, we find that ports 264 and 18264 are open. With
this we understand that it is possible for users to telnet to the FW on
these 2 ports
Create a rule to restrict which hosts can manage/connect to the firewall and
block external connections to the ports on your main router.
Regards,
Judie
Judie Ayoola
Network Security Officer
ISLS
University of Westminster
115 New Cavendish St
London
Can the Secure Remote/Client VPN clients be Nat'ed behind a firewall?
I know NAT-T (UDP encapsulation) will work but I was not sure
if ports 264 and 18264 would work if the source IP address of the
client was NAT'd?
thank you,
Raymond
Yes, we set everyone to UDP encapsulation and IKE over TCP and have no NAT
issues.
Ray
From: Raymond Jacob [EMAIL PROTECTED]
Reply-To: Mailing list for discussion of Firewall-1
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Blocking of port 264 and 18264 on Checkpoint
Date: Thu, 1