NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] PASV FTP problem

We are having a problem with clients coming into our FTP server getting hung
on ftp sessions using any browser.  We are running CheckPoint 4.0 SP7 on Sun
2.6 with the latest patches.  After applying several of the ftp fixes, the
High Port TCP Services and FTP, the FTPPORT match solution and the
FTP_ENFORCE_NL, all of which I found on Phoneyboy and CheckPoints sites, we
are still having a problem.

When I do a snoop on the firewall after double-clicking the file, I get
this:
10.10.10.9 -> 11.11.11.99 FTP R port=59235 220 dtwebftp02 Micro
11.11.11.99 -> 10.10.10.9 FTP C port=59235 USER anonymous\r\n
10.10.10.9 -> 11.11.11.99 FTP R port=59235 331 Anonymous access
11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASS IE40user@\r\n
10.10.10.9 -> 11.11.11.99 FTP R port=59235 230 Anonymous user l
11.11.11.99 -> 10.10.10.9 FTP C port=59235 TYPE I\r\n
10.10.10.9 -> 11.11.11.99 FTP R port=59235 200 Type set to I.\r\n
11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASV\r\n
10.10.10.9 -> 11.11.11.99 FTP R port=59235 227 Entering Passive

And it just hangs there.  But a right click gives me this:

11.11.11.99 -> 10.10.10.9 FTP C port=59220 noop\r\n
10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 NOOP command suc
11.11.11.99 -> 10.10.10.9 FTP C port=59220 CWD /trial/\r\n
10.10.10.9 -> 11.11.11.99 FTP R port=59220 250 CWD command succ
11.11.11.99 -> 10.10.10.9 FTP C port=59220 TYPE I\r\n
10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 Type set to I.\r\n
11.11.11.99 -> 10.10.10.9 FTP C port=59220 PORT 207,70,91,65,23
10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 PORT command suc
11.11.11.99 -> 10.10.10.9 FTP C port=59220 SIZE dto2kt.exe\r\n
10.10.10.9 -> 11.11.11.99 FTP R port=8688\r\n
11.11.11.99 -> 10.10.10.9 FTP C port=59220 RETR dto2kt.exe\r\n
10.10.10.9 -> 11.11.11.99 FTP R port=59220 150 Opening BINARY m

And the file will download

Does anyone have any other issues with pasv ftp?  It is enabled in the
policy properties.

Any help would be greatly appreciated.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.