ip/50 is an IP protocol number, not a port number. For example, TCP
is ip/6 and UDP is ip/17. ESP, the "Encapsulating Security Payload",
is part of IPSec and uses its own IP protocol. If you can't figure
out how to pass this through intervening firewalls, you may need to
use UDP encapsulation which requires udp/2746.
http://www.phoneboy.com/bin/view.pl/FAQs/SecureClientThruFireWall1
--Greg Chavez
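
Added example, not part of the original message: a small shell helper that turns the "proto/number" notation used in this thread into iptables match arguments, showing that ip/50 becomes a bare protocol match with no port while tcp/udp entries take a destination port. The FORWARD chain, the ACCEPT target and the function names are assumptions; the commands are printed, not applied.

```shell
#!/bin/sh
# Added example (not from the thread): map "proto/number" specs to iptables
# match arguments. Chain name and ACCEPT target are assumptions.

# spec_to_match SPEC -> prints the iptables match for one spec,
# returns 1 for a spec it does not understand.
spec_to_match() {
    case "$1" in */*) ;; *) return 1 ;; esac
    kind=${1%%/*}
    num=${1#*/}
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$kind" in
        ip)
            # An IP protocol number (0-255): there is no port to match on.
            [ "$num" -le 255 ] || return 1
            printf '%s\n' "-p $num"
            ;;
        tcp|udp)
            # A transport port (1-65535) carried inside TCP (ip/6) or UDP (ip/17).
            [ "$num" -ge 1 ] && [ "$num" -le 65535 ] || return 1
            printf '%s\n' "-p $kind --dport $num"
            ;;
        *) return 1 ;;
    esac
}

# build_rules CHAIN SPEC... -> prints one iptables command per spec.
build_rules() {
    chain=$1; shift
    for spec in "$@"; do
        match=$(spec_to_match "$spec") || { echo "bad spec: $spec" >&2; return 1; }
        echo "iptables -A $chain $match -j ACCEPT"
    done
}

# The specs named in this thread; printed for review, not executed.
build_rules FORWARD ip/50 udp/500 tcp/264 udp/2746
```
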
On Fri, 30 Jul 2004 16:32:44 +0100, Kitchener, Steve
<steve.kitchener AT bronermetals DOT com> wrote:
> Hi Greg,
>
> Thanks for the info - Can you clear the info up, must be me not
> understanding,
> is the ip/50 a port number or a protocol?
>
> Thanks
>
>
>
> -----Original Message-----
> From: Greg Chavez [mailto:greg.chavez AT GMAIL DOT COM]
> Sent: 30 July 2004 13:18
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Ports to open on a Linux firewall
>
> For sure you will need:
>
> ip/50 -- IPSec
> udp/500 -- IKE
> tcp/264 -- Checkpoint topology download
>
> Make sure that these ports get through and you should be okay.
> Checkpoint has some other proprietary ports related to client VPN, but
> I think they are also tunneled.
>
> --Greg Chavez
>
> On Fri, 30 Jul 2004 09:54:53 +0100, Kitchener, Steve
> <steve.kitchener AT bronermetals DOT com> wrote:
> > Hi Robert,
> >
> > It's a client on a PC here to a server at the customer's site. Our customer
> > has allowed the connection, I have been told. I can't test as no connection
> > has been made.
> >
> > -----Original Message-----
> > From: Robert Plaenk [mailto:rplaenk AT NETCYCLOPS DOT COM]
> > Sent: 29 July 2004 21:45
> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > Subject: Re: [FW-1] Ports to open on a Linux firewall
> >
> >
> > There are some questions that you still need to answer for us. Are they
> > connecting via SecuRemote/Secure Client, or is site-to-site VPN? Has the
> > other side allowed the communication? If it's VPN, then are you
> > encrypting? What testing have you done? What kind of
> > traffic/applications?
> >
> >
> >
> > -----Original Message-----
> > From: Mailing list for discussion of Firewall-1
> > [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
> > Kitchener, Steve
> > Sent: Thursday, July 29, 2004 12:20 PM
> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > Subject: [FW-1] Ports to open on a Linux firewall
> >
> > Hi,
> >
> > I have a need to allow our users to connect to a customer's site that is
> > running FW1-NG.
> >
> > When we try to connect it fails, I am guessing that I need to open up
> > our firewall to allow some incoming connection(s), but I don't know what
> > ports I need to open or redirect from outside the firewall to allow the
> > connection to work.
> >
> > Can someone let me know which ports and protocols I need to allow in
> > please,
> >
> > Thanks
> >
> > Stephen Kitchener
> > IT Manager
> >
> > Broner Metals Solutions
> > 1 Century Court, Tolpits Lane
> > Watford, WD18 9PT, UK
> > Tel +44 (0) 1923 652125
> > Fax +44 (0) 1923816456
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages, send an email to
> > LISTSERV AT amadeus.us.checkpoint DOT com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your subscription options,
> > email fw-1-owner AT ts.checkpoint DOT com
> > =================================================