[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] FW: ftp problem using win client and CVP
All, I am posting a 2nd time because it does not appear to have made it to the list. Please forgive me if it is a duplicate... Thanks Tracy > -----Original Message----- > From: Maxi Tracy A Contr AFRL/SNOO > Sent: Monday, December 04, 2000 1:45 PM > To: '[email protected]' > Subject: ftp problem using win client and CVP > > All, > > I have gone through the fw archives and Phoneboy's site but have not seen anything that I thought applied directly to this scenario... Hopefully someone can shed some light on this for me. > > a) I can successfully ftp (command line) to a site (i.e. ftp.symantec.com) going through my CVP. (there are fw log entries) > b) I can successfully ftp (command line) to a site (i.e. ftp.symantec.com) NOT going through my CVP. (there are fw log entries) > > c) I can NOT do the same ftp via a client such as wsftp32 or ws_ftppro going through my CVP. (there is nothing in fw log) > d) I CAN do the same ftp via a client such as wsftp32 or ws_ftppro if I do NOT go through the CVP. (there is a fw log entry) > > I do not understand why in case c I do not see anything in my firewall logs? I log everything. It makes it seem like it never gets to the firewall... > > Is this a fw config issue, an ftp client issue, or a CVP issue? > > Here is my current configuration: > > Solaris 2.6 and FW 4.1sp2 > > rules: > source destination service comment > my-IP any ftp->acvpre rule used in a above > > my-IP any ftp rule used in b and d above; I created this rule as a test for troubleshooting > > rule 0: > have enabled FTP PORT data connections > have enabled FTP PASV data connections > > config files: > $FWDIR/conf/fwopsec.conf contains: > ... > server 127.0.0.1 18181 auth_opsec > server 127.0.0.1 18182 auth_opsec > ... > > > /opt/CPfw1-41/lib/base.def contains for ftp: > ... > // #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>) > #define FTP_ENFORCE_NL > ... > > Thanks in advance for any help you may provide. Please let me know if there is other info that would be helpful in resolving this. > > Tracy A. Maxi > Firewall Administrator > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|