Communication Protocols
Because the SIP modules are browser-based, HTTPS is the communication protocol. The tables below list the ports used for connecting and their function for inbound (ingress) and outbound (egress) communication.
Inbound Communication
Port | Type | Connection | Function |
---|---|---|---|
22 | TCP | SSH | Used to retrieve configuration information from the Data Collector to non-Check Point devices. |
50 | IP protocol | IPsec ESP | This port is used to authenticate and encrypt data packets. Starting with v9.1, NFS traffic will use port 50 to pass traffic. |
80 | TCP | HTTPS | Listens on all interfaces (0.0.0.0) and redirects to port 443. |
443 | TCP | HTTPS | Used for secure communication between the Application Server and Data Collector, and from a web browser to the Application Server. Also for SSL access to .gov from the Application Server to download new CVE updates. |
500 | UDP | ISAKMP | This port is used to authenticate and encrypt data packets. |
2003 | TCP | HTTPS | This port is used to collect metrics and time series data for server health. |
2049 | TCP | NFS | This is the port number the NFS server is listening on. This provides a shared file system for distributed deployments. Starting with v9.1, this open port is no longer needed for NFS. |
4500 | UDP | IPsec NAT-T | This port is used to authenticate and encrypt data packets. |
5150 | TCP | SSL | This port is used for clustered data collectors to communicate with each other. |
5432 | TCP | PostgreSQL | This is the port number the PostgreSQL database server is listening on. |
5701 | TCP | Distr Cache | This is the port number for the Security Manager distributed cache. |
5702 | TCP | Distr Cache | This is the port number for the workflow (Policy Planner and Policy Optimizer) distributed cache. |
6155 | UDP | Cluster Discovery | This is the port number for JMS cluster member discovery. |
8080 | TCP | API | Required for Fortinet FortiManager to access API. |
9103 | TCP | HTTP | This port is used by collectd to listen only for performance metrics. This port is never exposed to the network. |
9200 | TCP | HTTPS | This port is used for secure communication between the application server and data collector, and from a web browser to the application server. Also for SSL access to .gov for the application server to download new CVE files. |
9300 | TCP | HTTPS | This port is used for the Elasticsearch HTTP interface. |
54327 | UDP | Cluster Discovery | This is the port used for distributed cache cluster member discovery. |
55555 | TCP | HTTPS | This port is used to access the FMOS Control Panel server. |
61617 | TCP | Distr MSG Queue | This is the port number for the Java Message Service (JMS) listener. JMS messaging allows application components to create, send, receive, and read messages. |
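As an added check that is not part of the original documentation, the following Python script compares a host's listening sockets, as printed by `ss -tuln`, against the inbound table above. It flags listeners that are not on the list, the collectd port 9103 bound to anything other than loopback, and documented ports that nothing is listening on. The `ss` output embedded in it is constructed for illustration, not captured from an FMOS host.

```python
import re

# Inbound ports from the table above as (protocol, port); ESP (IP protocol 50) has no socket and is omitted.
EXPECTED_INBOUND = {
    ("tcp", 22), ("tcp", 80), ("tcp", 443), ("udp", 500), ("tcp", 2003), ("tcp", 2049),
    ("udp", 4500), ("tcp", 5150), ("tcp", 5432), ("tcp", 5701), ("tcp", 5702), ("udp", 6155),
    ("tcp", 8080), ("tcp", 9103), ("tcp", 9200), ("tcp", 9300), ("udp", 54327),
    ("tcp", 55555), ("tcp", 61617),
}
LOOPBACK_ONLY = {("tcp", 9103)}          # collectd: "never exposed to the network"
LOOPBACK_ADDRS = {"127.0.0.1", "::1"}
# Data rows of `ss -tuln`: proto, state, recv-q, send-q, local address:port ... (the header row is skipped)
SS_ROW = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+)\s")

def parse_ss(output):
    """Return (proto, bind_addr, port) for every socket listed in `ss -tuln` text."""
    sockets = []
    for line in output.splitlines():
        m = SS_ROW.match(line)
        if m:
            proto, local = m.groups()
            addr, port = local.rsplit(":", 1)   # handles 0.0.0.0:22, [::]:443 and *:53
            sockets.append((proto, addr.strip("[]"), int(port)))
    return sockets

def audit(output):
    """Flag listeners not in the table, loopback-only services bound to a network interface,
    and documented ports that nothing is listening on."""
    findings = {"unexpected": [], "exposed_loopback_only": [], "not_listening": []}
    seen = set()
    for proto, addr, port in parse_ss(output):
        seen.add((proto, port))
        if (proto, port) not in EXPECTED_INBOUND:
            findings["unexpected"].append((proto, addr, port))
        elif (proto, port) in LOOPBACK_ONLY and addr not in LOOPBACK_ADDRS:
            findings["exposed_loopback_only"].append((proto, addr, port))
    findings["not_listening"] = sorted(EXPECTED_INBOUND - seen)
    return findings

# Constructed sample output in `ss -tuln` layout; not captured from a real FMOS host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:9103      0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:9103      0.0.0.0:*
tcp   LISTEN 0      4096            [::]:443          [::]:*
tcp   LISTEN 0      4096         0.0.0.0:8443      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:500       0.0.0.0:*
"""
```

Running `audit(SAMPLE_SS)` reports 8443/tcp as unexpected and the 0.0.0.0 bind of 9103/tcp as an exposure; on a real host, feed it the output of `ss -tuln` and treat "not_listening" as informational, since a single host does not run every service in the table.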
Outbound Communication
Port | Type | Connection | Function |
---|---|---|---|
22 | TCP | SSH | Used to retrieve configuration information from the data collector to non-Check Point devices. |
25 | TCP | SMTP | Used to send secure email notifications from the Application Server. |
53 | UDP | DNS | Used to validate FQDN. |
123 | TCP | NTP | Used to sync with a time server. |
443 | TCP | HTTPS | From the browser to the application server, and from the application server to .gov websites. Used to export configurations from Security Manager over SSL. Also for SSL access to .gov from the application server to download new CVE updates. Also used to retrieve configuration information from the data collector to devices supporting HTTPS API. |
514 / 6514 | UDP/TCP | Syslog | Required only if you are using a central syslog server for the data collector to listen on for change and usage messages. Port 6514 is open on data collector hosts only for Palo Alto Prisma devices using syslog over TLS. |
830 | TCP | Netconf | Required for Juniper SRX automation. |
1470 | TCP | Syslog | Required only if you are using a central syslog Cisco device for the data collector to listen on for change and usage messages. |
8080 | TCP | API | Required for Fortinet FortiManager to access API. |
8082 | TCP | API | Required for Forcepoint Stonesoft API. |
8428 | TCP | API | Used for Victoria Metrics HTTP API. Requires enabling in the FMOS Control Panel. |
18184 | TCP | CP LEA | Used to establish a LEA connection between the data collector and the Check Point management server. SIP uses the Log Export API (LEA) to connect to a Check Point log server. |
18190 | TCP | CP CPMI | From the data collector to the management server. Default FireWall-1 port for CPMI communication. Used to retrieve policies from the management server. |
18210 | TCP | CP Certs | Used to generate the certificate used for encrypted communication between the data collector and the Check Point management server. |