Support Center > Search Results > SecureKnowledge Details
Ports used on Security Gateway for SecureClient and Endpoint Security VPN Technical Level

Ports used on Security Gateway for SecureClient and Endpoint Connect

If Control Connections are enabled in SmartDashboard - Global Properties, then all of the following ports are opened automatically, except UDP 2746.

If Control Connections are disabled in SmartDashboard - Global Properties, then the following ports must be allowed explicitly in the rulebase.

UDP 259 -  RDP (necessary only for MEP resolving and dynamic interface resolving)

TCP 264 - Topology download was used by SecureClient

TCP 443 - In Visitor Mode, all VPN traffic is tunneled through port 443

UDP 500 - IKE

TCP 500 - IKE over TCP

IP protocol 50 - ESP (the actual encrypted data; not necessary to allow this, if using UDP encapsulation)

UDP 2746 - UDP encapsulation (encapsulates IP protocol 50 ESP packets)

UDP 4500 - NAT-T port for industry standard UDP encapsulation

TCP 18231 - Policy Server login (seen on the network using SSL, if SecureClient/Endpoint Connect has an IP address in the VPN Domain; Not necessary to open this port, if SecureClient/Endpoint Connect is not in the VPN Domain).


Ports used through the VPN tunnel:

TCP 18231 - Policy Server login (will be encrypted, if SecureClient IP address is not in the VPN Domain)

UDP 18233 - SCV update

UDP 18234 - Tunnel Test


Note: Endpoint Connect client, by default, will use port 443 to negotiate the tunnel, even if Visitor Mode is not selected. Refer to sk158334 and sk159372 for more information.


Related solution: 

sk52421 (Ports used by Check Point software).

Give us Feedback
Please rate this document