Firewall-1

Re: [FW-1] R54 and FTP

Subject: Re: [FW-1] R54 and FTP
From: David Strom <dstrom AT CIESIN.COLUMBIA DOT EDU>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 26 Apr 2004 17:09:35 -0400
I think this is what you might be looking for: in the Dashboard, look
under the Smart Defense tab, Network Security (expand this), and go to
Dynamic Ports ... you can then check the radio button to "Allow data
connections to all defined services ports" ... this is for the old quirk
where if an FTP session happened to try to use a port that was defined
in the rulebase for any other purpose, FW1 would block it.  This is
finally handled in the FW1 management GUI, rather than editing files.

HTH.


Davis, Nathaniel wrote:

Hi all.

My question is this.  I have Checkpoint R54 installed on an IP330.  My rules
allow incoming and outgoing ftp's.  When I am using a web browser and I try
to download a file from a remote site, the ftp request goes out on a port
other than 21.  It goes out on higher ports.  Thus, Checkpoint drops the
request, because it isn't in the rules.  How can I get checkpoint to allow
these connections, without having to add different ports from everywhere?  I
don't want to open all ports.  Any help is appreciated.  I'm guessing it's a
Smart Defense thing, but am not sure.

Nathan

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
