[FW-1] problems with FTP under FP3

[Roman Serbski <libser@FW1-NOSPAMMANAS.KG>]

Good day list,

I have problems with ftp connection to my FTP server from
internal NAT'ed LAN.

#uname -a
SunOS sunny 5.8 Generic_108528-16 sun4u sparc SUNW,Ultra-250

#fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) NG Feature
Pack 3 Build 53225

FTP server sits in DMZ and has real IP address (powered by
FreeBSD 4.6-STABLE, proftpd-1.2.6).
Proftpd is configured with "UseReverseDNS off" and
"IdentLookups off" so I don't think it is DNS problem.

FW rule is:
any FTPSERVER ftp accept (I tried ftp-pasv, ftp and ftp-pasv
but with no luck)

Local LAN (100Mb/s) is statically NATed. FTP clients are FAR
manager, CuteFTP Pro.

Here is the problem:
Initial connection to FTP server from internal LAN is OK,
downloading (_only_ as an anonymous user) from FTP server is
also OK. But if I tried to _upload_ some file, or if I login
as a _user_ and try to download/upload data connection's
speed becomes very slow (sometimes zero). There is no
dropped connection in the logs, speed is just very slow.

I tried both ftp and ftp-pasv, tried to change FTP server -
same results. I've read in archives that for the FW-4.1
there was some global "FTP Passive Mode" parameter, but
couldn't find it in NG FP3...

Any hints would be greatly appreciated!

Looking forward to hear from you.
Regards,
Roman

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================