I am seeing dropped packets between my thin client registered to our ICG over ports in the high 60xxx and 61xxx range but don’t see any mention of these, anyone able to shed some light on what these are being used for?
Are you able to open a local terminal? I would try a command like
netstat -lnp | grep yourport
Is happening in idle or when an Application is started?
I have been troubleshooting a separate issue and when filtering my external IP in our checkpoint I found those ports being blocked trying to communicate with the ICG
Can you check which command is trying the connection, on the endpoint? With my command or an adapted one?
just tried your command and grepped 62090 which was the last port that I seen in our checkpoint logs and didn’t show anything
it was 20 minutes ago in our fw logs tho
just rebooted the thin client and it generated 4 more dropped packets in our firewall, TCP 62473 and 62646…just wondering if these high ports are worth allowing to communicate with the ICG or not
Hi Brandon, I’m a bit buys atm. Sorry for answering late. Will try to figure that out in my lab later on and come back to you. From the official part, there is no need for UDP, atm.
You’re likely seeing ephemeral ports – a random port that the client chooses as its source so the server (ICG) responds as its destination port back to the client.
If your firewall is stateful (it should be), it will keep track of these ports and allow for responses during the session. If you’re seeing these blocked, the firewall likely is not aware of an existing session state that the ICG is trying to communicate back with on that ephemeral port, so it blocks it.
en.m.wikipedia.org/wiki/Stateful_firewall en.m.wikipedia.org/wiki/Stateful_firewall
en.m.wikipedia.org/wiki/Ephemeral_port en.m.wikipedia.org/wiki/Ephemeral_port
Continue reading and comment on the thread ‘Dropped packets between my thin client registered to our ICG over ports in the high 60xxx and 61xxx range?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!