On This Page
List of Predefined Services for USP
The names and details of the predefined services are listed by protocol:
TCP Services
The names of the predefined TCP services in are:
|
Service Name |
Port Range |
Comment |
|---|---|---|
|
AOL |
5190 |
AOL Instant Messenger. Also used by: ICQ & Apple iChat |
|
AP-Defender |
2626 |
Defender Authentication service |
|
AT-Defender |
2626 |
Defender Authentication service |
|
BGP |
179 |
Border Gateway Protocol |
|
Citrix_ICA |
1494 |
Citrix ICA general Service. |
|
CP_Exnet_PK |
18262 |
Check Point Extranet public key resolution |
|
CP_Exnet_resolve |
18263 |
Check Point Extranet remote objects resolution |
|
CP_redundant |
18221 |
Check Point Redundant Management Protocol |
|
CP_reporting |
18205 |
Check Point Reporting Client Protocol |
|
CP_rtm |
18202 |
Check Point Real Time Monitoring |
|
CP_seam |
18266 |
Check Point Eventia Analyzer Server Protocol |
|
CP_SmartPortal |
4433 |
Check Point Smart Portal |
|
CP_SSL_Network_Extender |
444 |
SSL Network Extender port |
|
CPD |
18191 |
Check Point Daemon Protocol |
|
CPD_amon |
18192 |
Check Point Internal Application Monitoring |
|
CPMI |
18190 |
Check Point Management Interface |
|
daytime-tcp |
13 |
Daytime Server Protocol (TCP) |
|
discard-tcp |
9 |
Discard Server Protocol (TCP) |
|
domain-tcp |
53 |
Domain Name System Download |
|
echo-tcp |
7 |
Echo Protocol (TCP) |
|
EDGE |
981 |
VPN-1 UTM Edge Portal |
|
Entrust-Admin |
710 |
Entrust CA Administration Service |
|
Entrust-KeyMgmt |
709 |
Entrust CA Key Management Service |
|
epmap-tcp |
135 |
RPC Endpoint Mapper |
|
exec |
512 |
Remote execution (rexec) |
|
FIBMGR |
2010 |
Forwarding Information Base Manager - Dynamic Routing Cluster config |
|
finger |
79 |
UNIX |
|
ftp |
21 |
File Transfer Protocol |
|
FW1 |
256 |
Check Point Security Gateway Service |
|
FW1_amon |
18193 |
Check Point OPSEC Application Monitoring |
|
FW1_clntauth_http |
900 |
Check Point Security Gateway Client Authentication (HTTP) |
|
FW1_clntauth_telnet |
259 |
Check Point Security Gateway Client Authentication (Telnet) |
|
FW1_CPRID |
18208 |
Check Point Remote Installation Protocol |
|
FW1_cvp |
18181 |
Check Point OPSEC Content Vectoring Protocol |
|
FW1_ela |
18187 |
Check Point OPSEC Event Logging API |
|
FW1_ica_mgmt_tools |
18265 |
Check Point Internal CA Management Tools |
|
FW1_ica_pull |
18210 |
Check Point Internal CA Pull Certificate Service |
|
FW1_ica_push |
18211 |
Check Point Internal CA Push Certificate Service |
|
FW1_ica_services |
18264 |
Check Point Internal CA Fetch CRL and User Registration Services |
|
FW1_key |
265 |
Check Point VPN-1 Public Key Transfer Protocol |
|
FW1_lea |
18184 |
Check Point OPSEC Log Export API |
|
FW1_log |
257 |
Check Point Security Gateway Logs |
|
FW1_mgmt |
258 |
Check Point Management (Version 4.x) |
|
FW1_netso |
19190 |
Check Point User Authority simple protocol |
|
FW1_omi |
18185 |
Check Point OPSEC Objects Management Interface |
|
FW1_omi-sic |
18186 |
Check Point OPSEC Objects Management Interface with Secure Internal Communication |
|
FW1_pslogon |
18207 |
Check Point Policy Server Logon protocol |
|
FW1_pslogon_NG |
18231 |
Check Point NG Policy Server Logon protocol |
|
FW1_sam |
18183 |
Check Point OPSEC Suspicious Activity Monitor API |
|
FW1_sds_logon |
18232 |
Check Point SecuRemote Distribution Server Protocol |
|
FW1_sds_logon_NG |
65524 |
SecuRemote Distribution Server Protocol (VC and higher) |
|
FW1_snauth |
261 |
Check Point Security Gateway Session Authentication |
|
FW1_topo |
264 |
Check Point VPN-1 SecuRemote Topology Requests |
|
FW1_uaa |
19191 |
Check Point OPSEC User Authority API |
|
FW1_ufp |
18182 |
Check Point OPSEC URL Filtering Protocol |
|
gopher |
70 |
The Internet Gopher Protocol |
|
GoToMyPC |
8200 |
Remote Computer Access & Sharing application |
|
H323 |
1720 |
videoconference transmissions over IP networks |
|
http |
80 |
Hypertext Transfer Protocol |
|
HTTP_and_HTTPS_proxy |
8080 |
|
|
https |
443 |
HTTP protocol over TLS/SSL |
|
ident |
113 |
Identify RCS keyword strings in files |
|
IKE-tcp |
500 |
IPSEC Internet Key Exchange Protocol over TCP |
|
imap |
143 |
Interactive Mail Access Protocol |
|
IMAP-SSL |
993 |
SSL encrypted IMAP |
|
IPSO_Clustering_Mgmt_Protocol |
1111 |
used for distributing configuration changes among cluster members and cluster wide monitoring |
|
irc2 |
7000 |
Internet Relay Chat Protocol |
|
Kerberos_v5_TCP |
88 |
Kerberos authentication protocol (version 5) |
|
ldap |
389 |
Lightweight Directory Access Protocol |
|
ldap-ssl |
636 |
Lightweight Directory Access Protocol over TLS/SSL |
|
login |
513 |
Remote login (rlogin) |
|
lotus |
1352 |
Lotus iNotes Web Access Protocol |
|
lpdw0rm |
515 |
Also used by: Ramen trojan and printer service. |
|
microsoft-ds |
445 |
Microsoft CIFS over TCP |
|
MS-SQL-Monitor |
1434 |
Microsoft SQL Monitor |
|
MS-SQL-Server |
1433 |
Microsoft SQL Server |
|
MSNP |
1863 |
MSN Messenger |
|
MySQL |
3306 |
|
|
nbsession |
139 |
NetBios Session Service |
|
NCP |
524 |
Novell NetWare Core Protocol |
|
netshow |
1755 |
Microsoft NetShow (Windows Media Player) |
|
netstat |
15 |
UNIX netstat Protocol |
|
nfsd-tcp |
2049 |
Network File System Daemon over TCP |
|
nntp |
119 |
Network News Transfer Protocol |
|
ntp-tcp |
123 |
Network Time Protocol (TCP) |
|
OAS-NameServer |
2649 |
Oracle Application Server (IIOP) NameServer |
|
OAS-ORB |
2651 |
Oracle Application Server (IIOP) ORB |
|
pcANYWHERE-data |
5631 |
PCs remote access security software |
|
pcTELECOMMUTE-FileSync |
2299 |
Symantec pcTELECOMMUTE File Synchronization |
|
pop-2 |
109 |
Post Office Protocol - Version 2 |
|
pop-3 |
110 |
Post Office Protocol - Version 3 |
|
POP3S |
995 |
SSL protocol over POP3S |
|
PostgreSQL |
5432 |
PostgreSQL database server |
|
pptp-tcp |
1723 |
Point-to-Point Tunneling Protocol |
|
RainWall_Command |
6374 |
RainWall high availability daemon |
|
Real-Audio |
7070 |
RealNetworks PNA Protocol |
|
RealSecure |
2998 |
Automatic 'Suspicious Activity Monitoring' activator |
|
Remote_Debug |
8787 |
|
|
Remote_Desktop_Protocol |
3389 |
Microsoft RDP |
|
rtsp |
554 |
Real Time Streaming Protocol |
|
SCCP |
2000 |
Skinny Call Control Protocol |
|
securidprop |
5510 |
Token based Authentication service (TCP) |
|
shell |
514 |
Remote shell (rsh) |
|
sip_tls |
5061 |
Session Initiation Protocol over non-encrypted Transport Layer Security |
|
sip-tcp |
5060 |
Session Initiation Protocol over TCP |
|
smtp |
25 |
Simple Mail Transfer Protocol |
|
SMTPS |
465 |
SSL protocol over SMTPS |
|
sqlnet1-2 |
1521 |
Oracle SQL*Net Version 1 and 2 |
|
sqlnet2-1525 |
1525 |
Oracle SQL*Net Version 2 Services |
|
sqlnet2-1526 |
1526 |
Oracle SQL*Net Version 2 Services |
|
Squid_NTLM |
3128 |
Squid NTLM authentication |
|
ssh |
22 |
secure shell |
|
StoneBeat-Control |
3002 |
Stonesoft StoneBeat Control |
|
StoneBeat-Daemon |
3001 |
Stonesoft StoneBeat Daemon Heartbeat |
|
T.120 |
1503 |
H323 |
|
TACACSplus |
49 |
Terminal Access Controller Access Control System over TCP |
|
tcp-high-ports |
>1023 |
TCP Ports 1024-65535 |
|
telnet |
23 |
Telnet Protocol |
|
time-tcp |
37 |
Time Server Protocol (TCP) |
|
UserCheck |
18300 |
Check Point Daemon Protocol |
|
uucp |
540 |
Unix-to-Unix Copy Program |
|
wais |
210 |
Wide Area Information Servers |
|
X11 |
6000-6063 |
X Window System |
|
Yahoo_Messenger_messages |
5050 |
Yahoo Messenger messages |
|
Yahoo_Messenger_Voice_Chat_TCP |
5000-5001 |
Yahoo Messenger Voice Chat |
|
Yahoo_Messenger_Webcams |
5100 |
Yahoo Messenger Webcams video |
UDP Services
The names of the predefined UDP services are:
|
Service Name |
Port Range |
Comment |
|---|---|---|
|
biff |
512 |
UNIX biff Protocol |
|
bootp |
67 |
Bootstrap Protocol Server |
|
Citrix_ICA_Browsing |
1604 |
UDP Service for general Citrix browsing |
|
daytime-udp |
13 |
Daytime Server Protocol (UDP) |
|
dhcp |
68 |
DHCP |
|
discard-udp |
9 |
Discard Server Protocol (UDP) |
|
domain-udp |
53 |
Domain Name System Queries |
|
E2ECP |
18241 |
Check Point End to End Control Protocol |
|
echo-udp |
7 |
Echo Protocol (UDP) |
|
epmap-udp |
135 |
RPC Endpoint Mapper |
|
FW1_load_agent |
18212 |
Check Point ConnectControl Load Agent |
|
FW1_scv_keep_alive |
18233 |
Check Point SecureClient Verification Keepalive Protocol |
|
FW1_snmp |
260 |
Check Point Security Gateway SNMP Agent |
|
H323_ras |
1719 |
RAS and associated connections (H.323 protocols) |
|
Hotline_tracker |
5499 |
Hotline tracker connections |
|
ICQ_locator |
4000 |
Mirabilis ICQ versions |
|
IKE |
500 |
IPSEC Internet Key Exchange Protocol (formerly ISAKMP/Oakley) |
|
IKE_NAT_TRAVERSAL |
4500 |
Nat Traversal Protocol |
|
Kerberos_v5_UDP |
88 |
Kerberos authentication protocol (version 5) |
|
kerberos-udp |
750 |
secure method for authenticating a request for service |
|
L2TP |
1701 |
Layer 2 Tunneling Protocol |
|
ldap-udp |
389 |
LDAP udp service |
|
MetaIP-UAT |
5004 |
Check Point Meta IP UAM Client-Server Communication |
|
mgcp_CA |
2727 |
Media Gateway Control Protocol - Call-Agent port |
|
mgcp_MG |
2427 |
Media Gateway Control Protocol - Media Gateway port |
|
microsoft-ds-udp |
445 |
Microsoft CIFS over UDP |
|
MS-SQL-Monitor_UDP |
1434 |
Microsoft-SQL-Monitor_UDP |
|
MS-SQL-Server_UDP |
1433 |
Microsoft SQL Server |
|
MSN_Messenger_1863_UDP |
1863 |
Microsoft Network Messenger UDP |
|
MSN_Messenger_5190 |
5190 |
Microsoft Network Messenger |
|
MSN_Messenger_Voice |
6901 |
Microsoft Network Messenger Voice communication |
|
name |
42 |
Host Name Server |
|
nbdatagram |
138 |
NetBios Datagram Service |
|
nbname |
137 |
NetBios Name Service |
|
NEW-RADIUS-ACCOUNTING |
1812 |
NEW - Remote Authentication Dial-In User Service |
|
NEW-RADIUS-ACCOUNTING |
1813 |
NEW - Remote Authentication Dial-In User Service accounting |
|
nfsd |
2049 |
Network File System Daemon over UDP (earlier versions of NFS) |
|
ntp-udp |
123 |
Network Time Protocol (UDP) |
|
pcANYWHERE-stat |
5632 |
PCs remote access security software |
|
RADIUS |
1645 |
Remote Authentication Dial-In User Service |
|
RADIUS-ACCOUNTING |
1646 |
Remote Authentication Dial-In User Service accounting |
|
RainWall_Daemon |
6372 |
RainWall daemons communication |
|
RainWall_Status |
6374 |
RainWall remote management status |
|
RainWall_Stop |
6373 |
RainWall monitoring |
|
RDP |
259 |
Check Point VPN-1 FWZ Key Negotiations - Reliable Datagram Protocol |
|
rip |
520 |
Routing Information Protocol |
|
RIPng |
521 |
Routing Information Protocol for IPv6 |
|
securid-udp |
5500 |
Token based Authentication service (UDP) |
|
sip |
5060 |
Session Initiation Protocol |
|
snmp |
161 |
Simple Network Management Protocol |
|
SWTP_Gateway |
9281 |
VPN-1 Embedded/SofaWare commands |
|
SWTP_SMS |
9282 |
VPN-1 embedded / SofaWare Management Server (SMS) |
|
syslog |
514 |
UNIX syslog Protocol |
|
TACACS |
49 |
Terminal Access Controller Access Control System over UDP |
|
tftp |
69 |
Trivial File Transfer Protocol |
|
time-udp |
37 |
Time Server Protocol (UDP) |
|
tunnel_test |
18234 |
Check Point tunnel testing application |
|
udp-high-ports |
>1023 |
UDP Ports 1024-65535 |
|
VPN1_IPSEC_encapsulation |
2746 |
Check Point VPN-1 SecuRemote IPSEC Transport Encapsulation Protocol |
|
wap_wdp |
9200 |
Wireless Datagram Protocol: a simplified protocol suitable for low bandwidth mobile stations enables a connectionless mode. |
|
wap_wdp_enc |
9202 |
Wireless Datagram Protocol with Wireless Transport Layer Security |
|
wap_wtp |
9201 |
Wireless Transaction Protocol: a simplified protocol suitable for low bandwidth mobile stations enables a connection mode. |
|
wap_wtp_enc |
9203 |
Wireless Transaction Protocol with Wireless Transport Layer Security |
|
who |
513 |
UNIX who Protocol |
ICMP Services
For R23-1 PHF1.0.0 and later, when building the USP use icmp-proto. ICMP is considered an application.
The names of the predefined ICMP services are:
|
Service Name |
Type |
|---|---|
|
dest-unreach |
3 |
|
echo-reply |
0 |
|
echo-request |
8 |
|
info-reply |
16 |
|
info-req |
15 |
|
mask-reply |
18 |
|
mask-request |
17 |
|
param-prblm |
12 |
|
redirect |
5 |
|
source-quench |
4 |
|
time-exceeded |
11 |
|
timestamp |
13 |
|
timestamp-reply |
14 |
Other Services
|
Service Name |
IP Protocol |
Comment |
|---|---|---|
|
AH |
51 |
IPSEC Authentication Header Protocol |
|
egp |
8 |
Exterior Gateway Protocol |
|
ESP |
50 |
IPSEC Encapsulating Security Payload Protocol |
|
FW1_Encapsulation |
94 |
Check Point VPN-1 SecuRemote FWZ Encapsulation Protocol |
|
ggp |
3 |
Gateway-to-Gateway protocol |
|
gre |
47 |
Generic Route Encapsulation Protocol |
|
icmp-proto |
1 |
Internet Control Message Protocol |
|
igmp |
2 |
Internet Group Management Protocol |
|
igrp |
9 |
Cisco Interior Gateway Routing Protocol |
|
IP_Mobility |
55 |
IP Mobility protocol |
|
ospf |
89 |
Open Shortest Path First Interior GW Protocol |
|
PIM |
103 |
Protocol-Independent Multicast |
|
SIT |
41 |
IPv6 encapsulated in IPv4 |
|
Sitara |
109 |
Sitara Networks Protocol (SpeedSeeker) |
|
SKIP |
57 |
IPSEC Simple Key Management for Internet Protocols |
|
SUN_ND |
77 |
Sun ND protocol |
|
SWIPE |
53 |
swIPe protocol |
|
vrrp |
112 |
Virtual Router Redundancy Protocol |
