The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, and More!

FireWall-1 FAQ: How Do I Allow Only Specific Ports To Communicate With A System?

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


To limit source port number from 2000 to 3000, in 'Services Manager' window,

  • Create a new service object of type TCP or UDP or ...
  • For value of 'Source Port Range: enter the range. For example: 2000 - 3000.

To limit destination port number from 2000 to 3000, in 'Services Manager' window:

  • Create a new service of type 'Other',
  • In the 'Match:' box enter something like:

    udp, dport > 2000, dport < 3000 or

    tcp, dport > 2000, dport < 3000

Then use the newly created service in your current rule base.

C-List #Cybersecurity Celebrity, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.