Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] FireWall-1(R) Version 4.0 Build 4156 [VPN + DES] Problems with s ome FTP sites (compaq)

To: [email protected]
Subject: [FW1] FireWall-1(R) Version 4.0 Build 4156 [VPN + DES] Problems with s ome FTP sites (compaq)
From: [email protected]
Date: Fri, 6 Oct 2000 08:26:26 -0300
Sender: [email protected]

Hi !

And what about the same problem, downloading from Compaq true WWW, I think
that they start a CGI that starts a connection at other point, on a FW-! 4.0
SP 6. I don´t have on my $FWDIR/conf the fwui_head.def file. My browser´s
window just freeze when I try to download some file from that site.
The same problem did not occurr some day ago.

Thanks,
> José Vicente da C Machado
> AMERICEL
I.T. - Information Security
> email: [email protected]
Office:(61) 329-6808
> http://www.americel.com.br
Address:
> SEPS 702/902 Bloco B 1º andar
> 70390-025 - Brasilia - DF
> 
> 
> 
> ----- Mensagem original -----
> De:		Guido Van De Velde [SMTP:[email protected]]
> Enviada em:		Friday, October 06, 2000 6:41 AM
> Para:		[email protected]
> Cc:		[email protected]
> Assunto:		Re: [FW1] 4.1 SP2 Problems with some FTP sites
> (compaq)
> 
> [email protected] wrote:
> > 
> > Since I moved from 40. sp5 to 4.1 sp2 people cannot download from some
> > ftp-sites.
> > one of them iftp.compaq.com.
> > 
> > The fw rejects the packet comming back from compaq with rule 0.
> > Saying: unknown established TCP packet.
> > 
> > Other FTP sites are OK
> > 
> > Any suggesstions?
> > 
> > Hans Hamakers
> > ABB Benelux
> > IT Networkservices
> > 
> >
> ==========================================================================
> ======
> >      To unsubscribe from this mailing list, please see the instructions
> at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> ======
> 
> UNcomment 
> 
> #define ALLOW_NON_SYN_RULEBASE_MATCH
> 
> in $FWDIR/conf/fwui_head.def 
> 
> and 
> 
> comment 
> 
> #define FTP_ENFORCE_NL
> 
> in $FWDIR/conf/base.def
> 
> 
> 
> The first one being commented out by default causes a lot of
> unestablished tcp-connection errror (dropped by rule 0), the second
> causes connection lost to ftp servers with no NewLine endings in their
> data-packets.
> 
> Those two "security enhancements" in 4.1SP2 cause a lot of traffic loss.
> 
> I have the impression 4.1SP2 was a panic reaction by Checkpoint, I think
> nobody can use the default settings...
> 
> -- 
> Guido Van De Velde
> LUDIT - KULeuvenNet


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] 4.1 SP2 Problems with some FTP sites (compaq)
Next by Date: Re: [FW1] Services to enable VRRP in Checkpoint
Previous by thread: Re: [FW1] Services to enable VRRP in Checkpoint
Next by thread: [FW1] Re: I knew I was right...heh & NT Session T/O value
Index(es):
- Date
- Thread