[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] FireWall-1(R) Version 4.0 Build 4156 [VPN + DES] Problems with s ome FTP sites (compaq)
Hi ! And what about the same problem, downloading from Compaq true WWW, I think that they start a CGI that starts a connection at other point, on a FW-! 4.0 SP 6. I don´t have on my $FWDIR/conf the fwui_head.def file. My browser´s window just freeze when I try to download some file from that site. The same problem did not occurr some day ago. Thanks, > José Vicente da C Machado > AMERICEL I.T. - Information Security > email: [email protected] Office:(61) 329-6808 > http://www.americel.com.br Address: > SEPS 702/902 Bloco B 1º andar > 70390-025 - Brasilia - DF > > > > ----- Mensagem original ----- > De: Guido Van De Velde [SMTP:[email protected]] > Enviada em: Friday, October 06, 2000 6:41 AM > Para: [email protected] > Cc: [email protected] > Assunto: Re: [FW1] 4.1 SP2 Problems with some FTP sites > (compaq) > > [email protected] wrote: > > > > Since I moved from 40. sp5 to 4.1 sp2 people cannot download from some > > ftp-sites. > > one of them iftp.compaq.com. > > > > The fw rejects the packet comming back from compaq with rule 0. > > Saying: unknown established TCP packet. > > > > Other FTP sites are OK > > > > Any suggesstions? > > > > Hans Hamakers > > ABB Benelux > > IT Networkservices > > > > > ========================================================================== > ====== > > To unsubscribe from this mailing list, please see the instructions > at > > http://www.checkpoint.com/services/mailing.html > > > ========================================================================== > ====== > > UNcomment > > #define ALLOW_NON_SYN_RULEBASE_MATCH > > in $FWDIR/conf/fwui_head.def > > and > > comment > > #define FTP_ENFORCE_NL > > in $FWDIR/conf/base.def > > > > The first one being commented out by default causes a lot of > unestablished tcp-connection errror (dropped by rule 0), the second > causes connection lost to ftp servers with no NewLine endings in their > data-packets. > > Those two "security enhancements" in 4.1SP2 cause a lot of traffic loss. > > I have the impression 4.1SP2 was a panic reaction by Checkpoint, I think > nobody can use the default settings... > > -- > Guido Van De Velde > LUDIT - KULeuvenNet ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|