[FW1] Re: ftp server using random high ports and checkpoint
Lance,

Thank you for your input. We have already done what you have advised.

In fact, we have "complained" to Microsoft premium support. It knows exactly what the problem is and directs us to talk to Check Point. We logged a technical support call to Check Point. We have gone through 4 different technical support specialists over a week, and the problem is still here!

Interestingly, only a folder with 10,000 1K files has the problem. The other folder, with many sub-folders with many 1K files, has no problem! (As a result, a hypothesis says it might be the NTFS Master File Table (aka file allocation table) causing this problem!)

Any further comments are appreciated.

Thanks and have a merry Holiday.

Ivan

----- Original Message -----
From: "Lance Ecklesdafer" <[email protected]>
To: "Ivan Fox" <[email protected]>; "Firewall-Wizards@Nfr. Net" <[email protected]>; "Firewalls@Lists. Gnac. Net" <[email protected]>; "Firewall-1" <[email protected]>
Sent: Friday, December 22, 2000 3:59 PM
Subject: Re: ftp server using random high ports and checkpoint

> Ivan,
>
> Check the Properties settings under the Policy Menu in the Checkpoint
> Firewall-1 GUI. Go to the "Services" tab and select the "Enable FTP Port
> Data Connections" and "Enable FTP PASV Data Connections". Your rulebase
> would contain a rule that would appear like:
>
> Source = clients allowed to ftp (probably a group of workstations or users)
> Destination = Any
> Service = ftp
> Action = Accept or User Authentication
> Track = Long or Short (I always track)
> Install on = Gateways
> Time = Any
> Comment = Rule to allow FTP to any site by authorized users
>
> Hope this helps
>
> Lance
>
> ----- Original Message -----
> From: "Ivan Fox" <[email protected]>
> To: "Firewall-Wizards@Nfr. Net" <[email protected]>;
> "Firewalls@Lists. Gnac. Net" <[email protected]>; "Firewall-1"
> <[email protected]>
> Sent: Tuesday, December 19, 2000 6:45 PM
> Subject: ftp server using random high ports and checkpoint
>
> > Some of our users need to access an external ftp server. Therefore, we
> > set up a rule to use port 20 and 21. However, the ftp server responds to
> > their request using random high ports, therefore, we need to set up a
> > "returning rule" allowing the ftp server coming back using high ports
> > (>1023).
> >
> > Is it typical for an ftp server's returning packets to use random high
> > ports?
> > Is it "safe/secure" to set up such a rule on a checkpoint firewall?
> > Any implications that we need to be aware of?
> >
> > Any pointers are appreciated.
> >
> > Thanks,
> >
> > Ivan
> >
> > -
> > [To unsubscribe, send mail to [email protected] with
> > "unsubscribe firewalls" in the body of the message.]

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
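
The thread contrasts a blanket "returning rule" for ports above 1023 with the firewall's FTP PORT/PASV data-connection handling. As an added example that is not part of the original messages and not Check Point's code, the sketch below shows how an inspector can read the FTP control channel (the RFC 959 `PORT` command and `227` reply) and permit only the one negotiated data connection. The function names and sample addresses are assumptions made for illustration, and EPRT/EPSV are not covered.

```python
import re

# h1,h2,h3,h4,p1,p2 host-port form used by PORT and the 227 reply (RFC 959)
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from 'h1,h2,h3,h4,p1,p2', or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def pinhole_for(line, sender_ip, peer_ip):
    """Decide which single data connection one control-channel line permits.

    sender_ip sent the line; peer_ip is the other end of the control connection.
    Returns (src_ip, dst_ip, dst_port) to allow, or None to allow nothing.
    """
    line = line.strip()
    upper = line.upper()
    if upper.startswith("PORT "):    # active mode: client listens, server connects back
        endpoint = parse_hostport(line[5:])
    elif upper.startswith("227 "):   # passive mode: server listens, client connects
        endpoint = parse_hostport(line[4:])
    else:
        return None
    if endpoint is None:
        return None
    ip, port = endpoint
    # Refuse an address that is not the sender's own (a third-party redirect)
    # and refuse well-known ports; anything else gets no pinhole at all.
    if ip != sender_ip or port < 1024:
        return None
    return (peer_ip, ip, port)

if __name__ == "__main__":
    # Constructed sample lines using documentation address ranges.
    client, server = "192.0.2.10", "198.51.100.5"
    print(pinhole_for("PORT 192,0,2,10,195,80", client, server))
    print(pinhole_for("227 Entering Passive Mode (198,51,100,5,4,1).", server, client))
    print(pinhole_for("PORT 203,0,113,9,195,80", client, server))
```
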