What are ports 18190, 18209, 18210 and 18211 in Checkpoint used for?
To function correctly, Checkpoint uses quite a lot of ports; some are a must, some are not. The ports listed above are in the ‘a must’ category. Let’s see:
18190 for R77.x / 19009 for R80+ (NOTE: R77.x versions used 18190 exclusively; starting with R80.x the port changed to 19009, while 18190 is still used for legacy apps only, e.g. when opening SmartDashboard for Mobile Access configuration. So, for exam takers: 19009 is the port used by SmartConsole.) CPMI (Checkpoint Management Interface) is used by the SmartConsole client to connect to and manage the Management server. This is the port to check if, when trying to connect with SmartConsole, you get the error “Please verify that Management is running and you are allowed to connect by GUI client”.
18209 The SIC (Secure Internal Communications) protocol uses this port for all SIC conversations between the Management server and the firewall modules managed by it. This is the port to check when you try to install the Security Policy and it fails with the error “could not establish connection …”.
18210, 18211 These ports are used for the internal certificate exchange between the ICA (Internal Certificate Authority), which is part of the Management server, and the Checkpoint firewall modules. You don’t need these ports constantly; the firewall modules and the Management server exchange certificates only once in a while. Still, all communication between the Management server and the firewall modules is encrypted using these certificates, and if a certificate has expired and the new one cannot be downloaded, SIC will break.
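An added example, not part of the original post: a small reachability check for the ports above, meant to be run from the host that reports the error against its peer. It assumes the ports are TCP, and the script and function names are hypothetical; it separates a refused connection (nothing listening) from one that gets no answer at all (typically a drop on the path).

```python
import socket
import sys

# Port roles as described in the text above. TCP is an assumption.
PORT_ROLES = {
    19009: "SmartConsole to Management server (R80+)",
    18190: "CPMI: SmartConsole on R77.x, legacy apps on R80+",
    18209: "SIC between Management server and firewall modules",
    18210: "ICA certificate exchange",
    18211: "ICA certificate exchange",
}

# What each probe result usually means when troubleshooting.
HINTS = {
    "open": "reachable; look at the application layer next",
    "refused": "host answered but nothing listens there (service down?)",
    "filtered": "no answer before the timeout; suspect a drop rule on the path",
}


def probe(host, port, timeout=3.0):
    """TCP-connect to host:port and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:  # must precede OSError, its parent class
        return "filtered"
    except OSError as exc:  # e.g. no route to host, name resolution failure
        return "error: %s" % (exc.strerror or exc)


def check_host(host, roles=PORT_ROLES, timeout=3.0):
    """Probe every port in `roles`; return (port, state, role) tuples."""
    return [(p, probe(host, p, timeout), roles[p]) for p in sorted(roles)]


if __name__ == "__main__":
    # Usage: python cp_ports.py <peer-address>   (hypothetical script name)
    if len(sys.argv) != 2:
        sys.exit("usage: cp_ports.py <peer-address>")
    for port, state, role in check_host(sys.argv[1]):
        print("%-6d %-9s %s" % (port, state, role))
        print("       -> %s" % HINTS.get(state, "see error text"))
```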
For the detailed list of ports in Checkpoint, see Heiko’s post on Checkpoint Community.