RE: [FW1] High Port FTP
> Did you check the box in Policy->Properties->Services->Enable FTP PORT
> Data Connections or add a rule to allow the data back connection.

Yes, that is checked.

> Explain how you changed the FTP to the high
> port that you're using. I'll assume (ack) that you
> changed the services file and restarted the FTP
> service via an 'init q'. Did you change the
> 'ftp-data 20/tcp' reference as well?

I did change /etc/services so that ftp is on the higher port and ftp_data is on the higher port - 1.

> Oh, and change the service type of your NEW
> service from 'FTP' to 'other'.

Done that too. Still no go.

> Checkpoint will try and keep track of this, but in v3.x and
> v4.0, you need to convince the software (via INSPECT) to
> track the new control and data ports. This is in addition to
> creating the new FTP service on the higher ports, which
> you should have done already.

I have CP 4.1 SP3.

> Phoneboy has a writeup, but I found it hard to read the
> first time through (many moons ago). Take a peek at his FAQ at
> http://www.phoneboy.com/fw1/faq/0158.html.

They don't have anything for 4.1. Tried the 4.0 solution with 4.1 but it didn't work.

> If you're still having troubles, send along the lines in your
> rulebase about FTP, what the new service is defined as,
> what policy properties are selected, and the log references
> showing any FTP drops/rejects.

I tried it as a TCP/FTP service with the high port; that didn't work. I did set it up as "Other", set up tcp, dport=high_port. The drop is when the server sends on high_port-1 to the client. Clearly the FW doesn't know it is an FTP connection trying to work here.

I did escalate this with CheckPoint already and am waiting for them to see where the problem is.

Thanks for the help.

Regards,
Iztok