On This Page
List of Predefined Services for USP
The names and details of the predefined services are listed by protocol:
TCP Services
The names of the predefined TCP services in are:
Service Name |
Port Range |
Comment |
---|---|---|
AOL |
5190 |
AOL Instant Messenger. Also used by: ICQ & Apple iChat |
AP-Defender |
2626 |
Defender Authentication service |
AT-Defender |
2626 |
Defender Authentication service |
BGP |
179 |
Border Gateway Protocol |
Citrix_ICA |
1494 |
Citrix ICA general Service. |
CP_Exnet_PK |
18262 |
Check Point Extranet public key resolution |
CP_Exnet_resolve |
18263 |
Check Point Extranet remote objects resolution |
CP_redundant |
18221 |
Check Point Redundant Management Protocol |
CP_reporting |
18205 |
Check Point Reporting Client Protocol |
CP_rtm |
18202 |
Check Point Real Time Monitoring |
CP_seam |
18266 |
Check Point Eventia Analyzer Server Protocol |
CP_SmartPortal |
4433 |
Check Point Smart Portal |
CP_SSL_Network_Extender |
444 |
SSL Network Extender port |
CPD |
18191 |
Check Point Daemon Protocol |
CPD_amon |
18192 |
Check Point Internal Application Monitoring |
CPMI |
18190 |
Check Point Management Interface |
daytime-tcp |
13 |
Daytime Server Protocol (TCP) |
discard-tcp |
9 |
Discard Server Protocol (TCP) |
domain-tcp |
53 |
Domain Name System Download |
echo-tcp |
7 |
Echo Protocol (TCP) |
EDGE |
981 |
VPN-1 UTM Edge Portal |
Entrust-Admin |
710 |
Entrust CA Administration Service |
Entrust-KeyMgmt |
709 |
Entrust CA Key Management Service |
epmap-tcp |
135 |
RPC Endpoint Mapper |
exec |
512 |
Remote execution (rexec) |
FIBMGR |
2010 |
Forwarding Information Base Manager - Dynamic Routing Cluster config |
finger |
79 |
UNIX |
ftp |
21 |
File Transfer Protocol |
FW1 |
256 |
Check Point Security Gateway Service |
FW1_amon |
18193 |
Check Point OPSEC Application Monitoring |
FW1_clntauth_http |
900 |
Check Point Security Gateway Client Authentication (HTTP) |
FW1_clntauth_telnet |
259 |
Check Point Security Gateway Client Authentication (Telnet) |
FW1_CPRID |
18208 |
Check Point Remote Installation Protocol |
FW1_cvp |
18181 |
Check Point OPSEC Content Vectoring Protocol |
FW1_ela |
18187 |
Check Point OPSEC Event Logging API |
FW1_ica_mgmt_tools |
18265 |
Check Point Internal CA Management Tools |
FW1_ica_pull |
18210 |
Check Point Internal CA Pull Certificate Service |
FW1_ica_push |
18211 |
Check Point Internal CA Push Certificate Service |
FW1_ica_services |
18264 |
Check Point Internal CA Fetch CRL and User Registration Services |
FW1_key |
265 |
Check Point VPN-1 Public Key Transfer Protocol |
FW1_lea |
18184 |
Check Point OPSEC Log Export API |
FW1_log |
257 |
Check Point Security Gateway Logs |
FW1_mgmt |
258 |
Check Point Management (Version 4.x) |
FW1_netso |
19190 |
Check Point User Authority simple protocol |
FW1_omi |
18185 |
Check Point OPSEC Objects Management Interface |
FW1_omi-sic |
18186 |
Check Point OPSEC Objects Management Interface with Secure Internal Communication |
FW1_pslogon |
18207 |
Check Point Policy Server Logon protocol |
FW1_pslogon_NG |
18231 |
Check Point NG Policy Server Logon protocol |
FW1_sam |
18183 |
Check Point OPSEC Suspicious Activity Monitor API |
FW1_sds_logon |
18232 |
Check Point SecuRemote Distribution Server Protocol |
FW1_sds_logon_NG |
65524 |
SecuRemote Distribution Server Protocol (VC and higher) |
FW1_snauth |
261 |
Check Point Security Gateway Session Authentication |
FW1_topo |
264 |
Check Point VPN-1 SecuRemote Topology Requests |
FW1_uaa |
19191 |
Check Point OPSEC User Authority API |
FW1_ufp |
18182 |
Check Point OPSEC URL Filtering Protocol |
gopher |
70 |
The Internet Gopher Protocol |
GoToMyPC |
8200 |
Remote Computer Access & Sharing application |
H323 |
1720 |
videoconference transmissions over IP networks |
http |
80 |
Hypertext Transfer Protocol |
HTTP_and_HTTPS_proxy |
8080 |
|
https |
443 |
HTTP protocol over TLS/SSL |
ident |
113 |
Identify RCS keyword strings in files |
IKE-tcp |
500 |
IPSEC Internet Key Exchange Protocol over TCP |
imap |
143 |
Interactive Mail Access Protocol |
IMAP-SSL |
993 |
SSL encrypted IMAP |
IPSO_Clustering_Mgmt_Protocol |
1111 |
used for distributing configuration changes among cluster members and cluster wide monitoring |
irc2 |
7000 |
Internet Relay Chat Protocol |
Kerberos_v5_TCP |
88 |
Kerberos authentication protocol (version 5) |
ldap |
389 |
Lightweight Directory Access Protocol |
ldap-ssl |
636 |
Lightweight Directory Access Protocol over TLS/SSL |
login |
513 |
Remote login (rlogin) |
lotus |
1352 |
Lotus iNotes Web Access Protocol |
lpdw0rm |
515 |
Also used by: Ramen trojan and printer service. |
microsoft-ds |
445 |
Microsoft CIFS over TCP |
MS-SQL-Monitor |
1434 |
Microsoft SQL Monitor |
MS-SQL-Server |
1433 |
Microsoft SQL Server |
MSNP |
1863 |
MSN Messenger |
MySQL |
3306 |
|
nbsession |
139 |
NetBios Session Service |
NCP |
524 |
Novell NetWare Core Protocol |
netshow |
1755 |
Microsoft NetShow (Windows Media Player) |
netstat |
15 |
UNIX netstat Protocol |
nfsd-tcp |
2049 |
Network File System Daemon over TCP |
nntp |
119 |
Network News Transfer Protocol |
ntp-tcp |
123 |
Network Time Protocol (TCP) |
OAS-NameServer |
2649 |
Oracle Application Server (IIOP) NameServer |
OAS-ORB |
2651 |
Oracle Application Server (IIOP) ORB |
pcANYWHERE-data |
5631 |
PCs remote access security software |
pcTELECOMMUTE-FileSync |
2299 |
Symantec pcTELECOMMUTE File Synchronization |
pop-2 |
109 |
Post Office Protocol - Version 2 |
pop-3 |
110 |
Post Office Protocol - Version 3 |
POP3S |
995 |
SSL protocol over POP3S |
PostgreSQL |
5432 |
PostgreSQL database server |
pptp-tcp |
1723 |
Point-to-Point Tunneling Protocol |
RainWall_Command |
6374 |
RainWall high availability daemon |
Real-Audio |
7070 |
RealNetworks PNA Protocol |
RealSecure |
2998 |
Automatic 'Suspicious Activity Monitoring' activator |
Remote_Debug |
8787 |
|
Remote_Desktop_Protocol |
3389 |
Microsoft RDP |
rtsp |
554 |
Real Time Streaming Protocol |
SCCP |
2000 |
Skinny Call Control Protocol |
securidprop |
5510 |
Token based Authentication service (TCP) |
shell |
514 |
Remote shell (rsh) |
sip_tls |
5061 |
Session Initiation Protocol over non-encrypted Transport Layer Security |
sip-tcp |
5060 |
Session Initiation Protocol over TCP |
smtp |
25 |
Simple Mail Transfer Protocol |
SMTPS |
465 |
SSL protocol over SMTPS |
sqlnet1-2 |
1521 |
Oracle SQL*Net Version 1 and 2 |
sqlnet2-1525 |
1525 |
Oracle SQL*Net Version 2 Services |
sqlnet2-1526 |
1526 |
Oracle SQL*Net Version 2 Services |
Squid_NTLM |
3128 |
Squid NTLM authentication |
ssh |
22 |
secure shell |
StoneBeat-Control |
3002 |
Stonesoft StoneBeat Control |
StoneBeat-Daemon |
3001 |
Stonesoft StoneBeat Daemon Heartbeat |
T.120 |
1503 |
H323 |
TACACSplus |
49 |
Terminal Access Controller Access Control System over TCP |
tcp-high-ports |
>1023 |
TCP Ports 1024-65535 |
telnet |
23 |
Telnet Protocol |
time-tcp |
37 |
Time Server Protocol (TCP) |
UserCheck |
18300 |
Check Point Daemon Protocol |
uucp |
540 |
Unix-to-Unix Copy Program |
wais |
210 |
Wide Area Information Servers |
X11 |
6000-6063 |
X Window System |
Yahoo_Messenger_messages |
5050 |
Yahoo Messenger messages |
Yahoo_Messenger_Voice_Chat_TCP |
5000-5001 |
Yahoo Messenger Voice Chat |
Yahoo_Messenger_Webcams |
5100 |
Yahoo Messenger Webcams video |
UDP Services
The names of the predefined UDP services are:
Service Name |
Port Range |
Comment |
---|---|---|
biff |
512 |
UNIX biff Protocol |
bootp |
67 |
Bootstrap Protocol Server |
Citrix_ICA_Browsing |
1604 |
UDP Service for general Citrix browsing |
daytime-udp |
13 |
Daytime Server Protocol (UDP) |
dhcp |
68 |
DHCP |
discard-udp |
9 |
Discard Server Protocol (UDP) |
domain-udp |
53 |
Domain Name System Queries |
E2ECP |
18241 |
Check Point End to End Control Protocol |
echo-udp |
7 |
Echo Protocol (UDP) |
epmap-udp |
135 |
RPC Endpoint Mapper |
FW1_load_agent |
18212 |
Check Point ConnectControl Load Agent |
FW1_scv_keep_alive |
18233 |
Check Point SecureClient Verification Keepalive Protocol |
FW1_snmp |
260 |
Check Point Security Gateway SNMP Agent |
H323_ras |
1719 |
RAS and associated connections (H.323 protocols) |
Hotline_tracker |
5499 |
Hotline tracker connections |
ICQ_locator |
4000 |
Mirabilis ICQ versions |
IKE |
500 |
IPSEC Internet Key Exchange Protocol (formerly ISAKMP/Oakley) |
IKE_NAT_TRAVERSAL |
4500 |
Nat Traversal Protocol |
Kerberos_v5_UDP |
88 |
Kerberos authentication protocol (version 5) |
kerberos-udp |
750 |
secure method for authenticating a request for service |
L2TP |
1701 |
Layer 2 Tunneling Protocol |
ldap-udp |
389 |
LDAP udp service |
MetaIP-UAT |
5004 |
Check Point Meta IP UAM Client-Server Communication |
mgcp_CA |
2727 |
Media Gateway Control Protocol - Call-Agent port |
mgcp_MG |
2427 |
Media Gateway Control Protocol - Media Gateway port |
microsoft-ds-udp |
445 |
Microsoft CIFS over UDP |
MS-SQL-Monitor_UDP |
1434 |
Microsoft-SQL-Monitor_UDP |
MS-SQL-Server_UDP |
1433 |
Microsoft SQL Server |
MSN_Messenger_1863_UDP |
1863 |
Microsoft Network Messenger UDP |
MSN_Messenger_5190 |
5190 |
Microsoft Network Messenger |
MSN_Messenger_Voice |
6901 |
Microsoft Network Messenger Voice communication |
name |
42 |
Host Name Server |
nbdatagram |
138 |
NetBios Datagram Service |
nbname |
137 |
NetBios Name Service |
NEW-RADIUS-ACCOUNTING |
1812 |
NEW - Remote Authentication Dial-In User Service |
NEW-RADIUS-ACCOUNTING |
1813 |
NEW - Remote Authentication Dial-In User Service accounting |
nfsd |
2049 |
Network File System Daemon over UDP (earlier versions of NFS) |
ntp-udp |
123 |
Network Time Protocol (UDP) |
pcANYWHERE-stat |
5632 |
PCs remote access security software |
RADIUS |
1645 |
Remote Authentication Dial-In User Service |
RADIUS-ACCOUNTING |
1646 |
Remote Authentication Dial-In User Service accounting |
RainWall_Daemon |
6372 |
RainWall daemons communication |
RainWall_Status |
6374 |
RainWall remote management status |
RainWall_Stop |
6373 |
RainWall monitoring |
RDP |
259 |
Check Point VPN-1 FWZ Key Negotiations - Reliable Datagram Protocol |
rip |
520 |
Routing Information Protocol |
RIPng |
521 |
Routing Information Protocol for IPv6 |
securid-udp |
5500 |
Token based Authentication service (UDP) |
sip |
5060 |
Session Initiation Protocol |
snmp |
161 |
Simple Network Management Protocol |
SWTP_Gateway |
9281 |
VPN-1 Embedded/SofaWare commands |
SWTP_SMS |
9282 |
VPN-1 embedded / SofaWare Management Server (SMS) |
syslog |
514 |
UNIX syslog Protocol |
TACACS |
49 |
Terminal Access Controller Access Control System over UDP |
tftp |
69 |
Trivial File Transfer Protocol |
time-udp |
37 |
Time Server Protocol (UDP) |
tunnel_test |
18234 |
Check Point tunnel testing application |
udp-high-ports |
>1023 |
UDP Ports 1024-65535 |
VPN1_IPSEC_encapsulation |
2746 |
Check Point VPN-1 SecuRemote IPSEC Transport Encapsulation Protocol |
wap_wdp |
9200 |
Wireless Datagram Protocol: a simplified protocol suitable for low bandwidth mobile stations enables a connectionless mode. |
wap_wdp_enc |
9202 |
Wireless Datagram Protocol with Wireless Transport Layer Security |
wap_wtp |
9201 |
Wireless Transaction Protocol: a simplified protocol suitable for low bandwidth mobile stations enables a connection mode. |
wap_wtp_enc |
9203 |
Wireless Transaction Protocol with Wireless Transport Layer Security |
who |
513 |
UNIX who Protocol |
ICMP Services
For R23-1 PHF1.0.0 and later, when building the USP use icmp-proto. ICMP is considered an application.
The names of the predefined ICMP services are:
Service Name |
Type |
---|---|
dest-unreach |
3 |
echo-reply |
0 |
echo-request |
8 |
info-reply |
16 |
info-req |
15 |
mask-reply |
18 |
mask-request |
17 |
param-prblm |
12 |
redirect |
5 |
source-quench |
4 |
time-exceeded |
11 |
timestamp |
13 |
timestamp-reply |
14 |
Other Services
Service Name |
IP Protocol |
Comment |
---|---|---|
AH |
51 |
IPSEC Authentication Header Protocol |
egp |
8 |
Exterior Gateway Protocol |
ESP |
50 |
IPSEC Encapsulating Security Payload Protocol |
FW1_Encapsulation |
94 |
Check Point VPN-1 SecuRemote FWZ Encapsulation Protocol |
ggp |
3 |
Gateway-to-Gateway protocol |
gre |
47 |
Generic Route Encapsulation Protocol |
icmp-proto |
1 |
Internet Control Message Protocol |
igmp |
2 |
Internet Group Management Protocol |
igrp |
9 |
Cisco Interior Gateway Routing Protocol |
IP_Mobility |
55 |
IP Mobility protocol |
ospf |
89 |
Open Shortest Path First Interior GW Protocol |
PIM |
103 |
Protocol-Independent Multicast |
SIT |
41 |
IPv6 encapsulated in IPv4 |
Sitara |
109 |
Sitara Networks Protocol (SpeedSeeker) |
SKIP |
57 |
IPSEC Simple Key Management for Internet Protocols |
SUN_ND |
77 |
Sun ND protocol |
SWIPE |
53 |
swIPe protocol |
vrrp |
112 |
Virtual Router Redundancy Protocol |