Connection Port to Services on an Endpoint Security Management Server
|
|
Important: |
SSL connection ports on Security Management Servers R81 and higher
-
A Security Management Server
Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. listens to SSL traffic for all services on the TCP port 443 in these cases:-
If you performed a clean installation of a Security Management Server
Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. R81.10 and enabled the Endpoint Policy Management Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities.. -
If you upgraded a Security Management Server with disabled Endpoint Policy Management Software Blade to R81.10 and enabled this Software Blade after the upgrade.
In these cases, when Endpoint Security SSL traffic arrives at the TCP port 443, the Security Management Server automatically redirects it (internally) to the TCP port 4434.
Service
URL and Port
Gaia Portal
Web interface for the Check Point Gaia operating system.
https://<IP Address of Gaia Management Interface>SmartView Web Application
https://<IP Address of Management Server>/smartview/Management API Web Services
https://<IP Address of Management Server>/web_api/<command> -
-
If you upgraded a Security Management Server with enabled Endpoint Policy Management Software Blade to R81.10, then the SSL port configuration remains as it was in the previous version, from which you upgraded:
-
A Security Management Server listens to Endpoint Security SSL traffic on the TCP port 443
-
A Security Management Server listens to SSL traffic for all other services on the TCP port 4434:
Service
URL and Port
https://<IP Address of Gaia Management Interface>:4434SmartView Web Application
https://<IP Address of Management Server>:4434/smartview/Management API Web Services
https://<IP Address of Management Server>:4434/web_api/<command>
In R81 and higher, an administrator can manually configure different TCP ports for the Gaia Portal (and other services) and Endpoint Security - 443 or 4434. For the applicable procedures, see the R81.10 Harmony Endpoint Security Server Administration Guide > Chapter Endpoint Security Architecture > Section Connection Port to Services on an Endpoint Security Management Server.
-
SSL connection ports on Security Management Servers R80.40 and lower
-
When you enable the Endpoint Policy Management Software Blade on a Security Management Server, the SSL connection port to these services automatically changes from the default TCP port 443 to the TCP port 4434:
-
Gaia Portal
Configuration
URL and Port
Default
https://<IP Address of Gaia Management Interface>New
https://<IP Address of Gaia Management Interface>:4434 -
SmartView Web Application
Configuration
URL and Port
Default
https://<IP Address of Management Server>/smartview/New
https://<IP Address of Management Server>:4434/smartview/ -
Management API Web Services (see Check Point Management API Reference)
Configuration
URL and Port
Default
https://<IP Address of Management Server>/web_api/<command>New
https://<IP Address of Management Server>:4434/web_api/<command>
-
-
When you disable the Endpoint Policy Management Software Blade on a Security Management Server, the SSL connection port automatically changes back to the default TCP port 443.