[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] ftp problem using win client and CVP
All, I have gone through the fw archives and Phoneboy's site but have not seen anything that I thought applied directly to this scenario... Hopefully someone can shed some light on this for me. a) I can successfully ftp (command line) to a site (i.e. ftp.symantec.com) going through my CVP. (there are fw log entries) b) I can successfully ftp (command line) to a site (i.e. ftp.symantec.com) NOT going through my CVP. (there are fw log entries) c) I can NOT do the same ftp via a client such as wsftp32 or ws_ftppro going through my CVP. (there is nothing in fw log) d) I CAN do the same ftp via a client such as wsftp32 or ws_ftppro if I do NOT go through the CVP. (there is a fw log entry) I do not understand why in case c I do not see anything in my firewall logs? I log everything. It makes it seem like it never gets to the firewall... Is this a fw config issue, an ftp client issue, or a CVP issue? Here is my current configuration: Solaris 2.6 and FW 4.1sp2 rules: source destination service comment my-IP any ftp->acvpre rule used in a above my-IP any ftp rule used in b and d above; I created this rule as a test for troubleshooting rule 0: have enabled FTP PORT data connections have enabled FTP PASV data connections config files: $FWDIR/conf/fwopsec.conf contains: ... server 127.0.0.1 18181 auth_opsec server 127.0.0.1 18182 auth_opsec ... /opt/CPfw1-41/lib/base.def contains for ftp: ... // #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>) #define FTP_ENFORCE_NL ... Thanks in advance for any help you may provide. Please let me know if there is other info that would be helpful in resolving this. Tracy A. Maxi Firewall Administrator ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|