
Re: [FW1] FTP problems through 4.1 sp-2 looking for Ideas



From:
http://www.securityportal.com/topnews/weekly/checkpoint20000918.html

Multiple Problems with FTP After Upgrading 
"Multiple Threads" posted by multiple frustrated
administrators 

Q:     It is becoming very apparent that Check Point
may have overlooked a few things related to FTP in
their latest Service Packs. Many, many people have
posted problems with FTP DATA channels not working,
PASV FTP not working, or strange timeouts during
active FTP sessions. This must be a big problem, as
the #1 most frequently downloaded problem solution at
Check Point's support site is currently "FTP to
specific servers fails." 
 
A:     Check Point's solutions to these problems are
as follows: 


"FTP to specific servers fails," Problem ID #
(10043.0.982): 

Edit the $FWDIR/lib/base.def file to allow FTP headers
without "\r\n": 

Stop FireWall-1 (fwstop) 

Edit the $FWDIR/lib/base.def 

Mark out the following line: 
#define FTP_ENFORCE_NL 
to: 
//#define FTP_ENFORCE_NL 

Start FireWall-1 (fwstart) 

Re-install the policy 


"FTP to some servers fails," Problem ID #
(10043.0.413): 

Edit the $FWDIR/lib/base.def file to allow this
behavior: 

Stop the FireWall (fwstop) 

Edit the $FWDIR/lib/base.def: 

Change it from: 

#define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>)
//
// Use this if you do not want the FireWall module to insist on
// a newline at the end of the PORT command:
// #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)

To: 

//#define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>)
//
// Use this if you do not want the FireWall module to insist on
// a newline at the end of the PORT command:
#define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)

(The change is to comment the first line, and
uncomment the last one) 

Start the FireWall (fwstart) 

Re-install the policy 

Although these solutions worked well for some, many
others still had problems after applying these fixes.
Most are very frustrated by this, and hope that Check
Point will be fixing this once and for all in their
next Service Pack. 
 
HTH -- Chris



--- Thomas Stala <[email protected]> wrote:
> 
> ok here is the good part. if I wait for the web browser to connect I move
> around with no problem at all. I can go from directory to directory.
> 
> I wish this was good enough but we have servers running scripts that do this
> automatically I am at a loss.
> 
> 
> ----- Original Message -----
> From: "Thomas Stala" <[email protected]>
> To: <[email protected]>
> Sent: Wednesday, February 07, 2001 6:01 PM
> Subject: [FW1] FTP problems through 4.1 sp-2 looking for Ideas
> 
> 
> >
> > I have tried to do an ftp session through a dos prompt nt 2000. connection
> > refused.
> >
> > if I try this outside of the firewall it works fine.
> >
> > I am able to get to other ftp sites fine.
> >
> > I created a rule to allow the server to do
> >             ftp
> >             ftp-pasv
> >             ftp-port
> >
> > I never see anything being rejected in the logs.
> >
> > if I use my browser version 5.0 it takes about 5 minutes and then it gets to
> > the site?
> >
> >
> > any ideas
> >
> > Thomas Stala
> > MCSE CCSE
> > [email protected]
> > pager
> > cell
> >




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
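
Added example, not part of the original message and not Check Point code: a small Python check that classifies how PORT commands on an FTP control channel are terminated, to help find the clients that would trip the newline enforcement which the base.def edits quoted above switch off. The sample payloads are constructed, and the rule that a PORT line must end in CRLF within the same TCP segment is an assumed approximation of the firewall's check.

```python
import re

# Constructed sample: client-to-server TCP payloads on an FTP control channel.
SAMPLE_SEGMENTS = [
    b"USER anonymous\r\n",
    b"PORT 192,168,1,10,4,1\r\n",          # well formed
    b"PORT 192,168,1,10,4,2\n",            # bare LF, no CR
    b"PORT 192,168,1,10,4,3",              # terminator arrives in a later segment
    b"\r\n",
    b"PORT 192,168,1,10,4,4\r\nLIST\r\n",  # pipelined command after the PORT line
]

PORT_RE = re.compile(rb"^PORT " + rb",".join([rb"(\d{1,3})"] * 6))


def check_segment(payload):
    """Return None for non-PORT payloads, else (endpoint, verdict)."""
    m = PORT_RE.match(payload)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return (None, "malformed")
    # h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, port p1*256 + p2
    endpoint = "%d.%d.%d.%d:%d" % (*nums[:4], nums[4] * 256 + nums[5])
    rest = payload[m.end():]
    if rest == b"\r\n":
        verdict = "ok"
    elif rest == b"\n":
        verdict = "bare-lf"          # would need the enforcement relaxed
    elif rest == b"":
        verdict = "unterminated"     # CRLF split into a later segment
    elif rest.startswith(b"\r\n"):
        verdict = "trailing-data"    # extra bytes follow the PORT line
    else:
        verdict = "malformed"
    return (endpoint, verdict)


def audit(segments):
    """Classify every PORT command found in a list of payloads."""
    return [r for r in map(check_segment, segments) if r is not None]


if __name__ == "__main__":
    for endpoint, verdict in audit(SAMPLE_SEGMENTS):
        print(endpoint, verdict)
```
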



 
   All contents © 2004 Network Presence, LLC. All rights reserved.