
Opening Port 8000 on Checkpoint Firewall NGR55 1

Status
Not open for further replies.

zoeythecat

Technical User
May 2, 2002
1,666
US
Hi all,

I'm not too familiar with opening and closing ports on our firewall. We have a SPAM Server on our network, and when users attempt to connect to it via OWA they get a "page not displayed" error trying to access ==>
I was told by the SPAM Server's tech support team that port 8000 needs to be opened on the firewall.

How would I do this? Is there any downside to opening Port 8000?

Thanks in advance!
Zoey
 
Add a rule in your rule base to allow this port through. Or, if you already have a rule to allow SMTP to the spam box (which I know that you do), just add TCP 8000 to the services allowed in that rule and install the policy.

If this service isn't already in the list of TCP services just add a new TCP service, give it port 8000 and a name and then it can be added to a rule.

Zoey, get this book:


This is a great resource book for anyone who has to administer Checkpoint Firewall-1.

Chris.



**********************
Chris A.C, CCNA, CCSA
**********************
 
Chris,

Thanks for the link. I will definitely get this book. One question. When I add/create this service I assume I am adding HTTP as the source protocol?

Thanks for your advice

Zoey
 
No, the destination. Your users are trying to connect to the server on port 8000, yes? So they will come from a random source port to port TCP 8000.

I'm guessing that you're new to firewalls?

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
I'm new, but I'm learning and starting to understand the rules. My expertise is definitely not in firewalls. The problem is that my colleague's isn't either, so I kind of get hit with troubleshooting these types of situations.

In regards to my users trying to connect to the server on port 8000: when users try to connect to the SPAM Server via OWA, port 8000 needs to be open. So yes, it is true that the users are trying to connect to port 8000. I tried, as you suggested, to add a new service. There is no TCP service for port 8000. When I attempt to add the service I add it like this:

Manage==>Services>Add==>New>TCP>8000>Port=8000>

This is the problem: when I click on "Get" it does not resolve the name. The only name it would take is TCP. I also assume I have to give this the protocol type (i.e., HTTP?), so I went into the Advanced tab and selected HTTP as the protocol. I'm assuming that when the OWA users connect to the SPAM Server it opens an HTTP connection.

Any thoughts?

Thanks
 
Chris,

What I did not note was how the rule was defined for the SPAM Server:

Source=*any
Dest=SPAM Server
Service=TCP smtp
Action=Accept

* I'm assuming you are saying I should add the TCP 8000 Service to the destination?

Zoey
 
Zoey,

The "Get" feature usually only works when you type in a known name for a service and it "gets" the port. If adding a port, just put the port number in (8000) and then give it a name yourself. Note that the name cannot contain spaces. You could just call it "TCP_8000". I generally use this method for unknown ports. You shouldn't need to change anything under the advanced settings.

As for the rule, yes, if you want TCP 8000 to be open to the spam server then you can add it to the SMTP rule. So you would have;

Source=*any
Dest=SPAM Server
Service=TCP smtp / TCP 8000
Action=Accept

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
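The two answers above describe the same procedure: define a TCP service for port 8000 (with a name that contains no spaces), then add it to the existing Source=any / Dest=SPAM Server / Service=smtp / Action=Accept rule and install the policy. The following is an added example, not code from the thread or from Check Point: a small first-match rule-base model that reproduces that rule before and after TCP 8000 is added, and also tries a tighter variant that only allows port 8000 from an internal network (the editor's generalization, not something either poster proposed). All addresses, the network names, and the service names are constructed for illustration.

```python
"""First-match rule-base model of the thread's SMTP / TCP 8000 rule.

Added example, not the forum's or Check Point's own code.  Hosts, networks and
service names below are constructed for illustration only.
"""
import ipaddress
import re
from dataclasses import dataclass

# Service names as they would be typed in Manage > Services: no spaces allowed,
# which is what tripped up the "Get" step in the thread.
SERVICE_NAME_RE = re.compile(r"^[A-Za-z0-9_.\-]+$")


def service_name_ok(name: str) -> bool:
    """True if the name has no spaces or other characters the GUI rejects."""
    return bool(SERVICE_NAME_RE.match(name))


def define_service(services: dict, name: str, proto: str, port: int) -> dict:
    """Register a (protocol, port) pair under a service name, as the GUI would."""
    if not service_name_ok(name):
        raise ValueError(f"invalid service name {name!r}: no spaces or special characters")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    services[name] = (proto, port)
    return services


@dataclass
class Rule:
    src: list        # "Any" or CIDR strings
    dst: list        # "Any" or CIDR strings
    services: list   # names from the services table
    action: str      # "Accept" or "Drop"


def _matches_addr(spec: str, addr: str) -> bool:
    if spec == "Any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(rules, services, src, dst, proto, dport):
    """Return (action, rule_number).  First matching rule wins; no match is an
    implicit drop, which is what the cleanup rule at the bottom of a policy does."""
    for n, rule in enumerate(rules, start=1):
        if not any(_matches_addr(s, src) for s in rule.src):
            continue
        if not any(_matches_addr(d, dst) for d in rule.dst):
            continue
        if not any(services[name] == (proto, dport) for name in rule.services):
            continue
        return rule.action, n
    return "Drop", None


# Constructed addresses (documentation ranges), not the poster's real network.
SPAM_SERVER = "192.0.2.10/32"
INTERNAL_NET = "10.0.0.0/8"

SERVICES = {}
define_service(SERVICES, "smtp", "tcp", 25)
define_service(SERVICES, "TCP_8000", "tcp", 8000)

# Zoey's original rule: SMTP only.
BEFORE = [Rule(["Any"], [SPAM_SERVER], ["smtp"], "Accept")]
# Chris's suggestion: TCP 8000 added to the same rule, so it is open from any source.
AFTER = [Rule(["Any"], [SPAM_SERVER], ["smtp", "TCP_8000"], "Accept")]
# Tighter variant (editor's addition): port 8000 only from inside, SMTP from anywhere.
TIGHT = [
    Rule([INTERNAL_NET], [SPAM_SERVER], ["TCP_8000"], "Accept"),
    Rule(["Any"], [SPAM_SERVER], ["smtp"], "Accept"),
]


def scenarios() -> dict:
    """Evaluate a constructed internal client and an external host against each rule base."""
    internal, external, server = "10.1.2.3", "198.51.100.7", "192.0.2.10"
    return {
        "before_internal_8000": evaluate(BEFORE, SERVICES, internal, server, "tcp", 8000)[0],
        "after_internal_8000": evaluate(AFTER, SERVICES, internal, server, "tcp", 8000)[0],
        "after_external_8000": evaluate(AFTER, SERVICES, external, server, "tcp", 8000)[0],
        "tight_internal_8000": evaluate(TIGHT, SERVICES, internal, server, "tcp", 8000)[0],
        "tight_external_8000": evaluate(TIGHT, SERVICES, external, server, "tcp", 8000)[0],
        "tight_external_smtp": evaluate(TIGHT, SERVICES, external, server, "tcp", 25)[0],
    }


if __name__ == "__main__":
    for name, action in scenarios().items():
        print(f"{name:24s} {action}")
```

The model makes the practical point behind "is there any downside to opening port 8000?" visible: adding TCP_8000 to a rule whose source is Any opens that port to every source the firewall sees, not just the OWA users, so whether that is acceptable depends on whether the spam server's port 8000 service is meant to be reachable from outside. The TIGHT rule base shows how to keep SMTP open to the world while limiting port 8000 to an internal source, still in the same source/destination/service shape the thread uses.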
 
Chris,

This resolved my problem. I installed the service as you suggested. As you mentioned, I was putting a space in the name. I tested the connection to the SPAM Server from my OWA connection and it looks good.

You have bailed me out twice. Thanks for your help and your patience. I will have to get that book from that link you provided. Sometimes people like yourself are better than the book.

Thanks a bunch,
Zoey
 
No problem, Zoey. We're all here to help. Get that book though. It's generally considered to be the bible for Firewall-1 administrators and I still use it day to day myself. The Syngress CCSA and CCSE books are good as well.

Chris.



**********************
Chris A.C, CCNA, CCSA
**********************
 