Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] FTP problem

from Two Dog Flats [Permanent Link]
Subject: Re: [FW-1] FTP problem
From: Two Dog Flats <j3ff9ack AT YAHOO DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 30 May 2005 04:40:57 -0700 
You might try looking at the Advanced Properties of the FTP service.
There are several different settings that affect the way FTP
connections are treated.  For some troublesome clients you may need to
disable all checks and use the "ftp-basic" service.  You can create
multiple FTP service objects to allow different levels of protection
based on client behavior.
--
Jeff

--- rajesh <rajesh AT SL.NSW.GOV DOT AU> wrote:

> Hi Srikrishna,
>
> The problem is FW is not rejecting these packets. FW logs says it
> accepts FTP
> connections. But I don't get the FTP login prompt on my PC. If I try
> to FTP from
> a unix box (solaris) it works though it takes some time to show the
> login
> prompt. If I do it from my PC (Windows XP) I dont even get the login
> prompt.
>
> Thanks,
> Rajesh.
>
>
> >Hmm....Yeah...some times this black box gives lot of problems..but
> thats why we
> are here n this secures our job as well..;0
> >
> >okie...can you use "fw monitor " to verify where does this packet
> getting
> rejected/dropped....
> >
> >
> >
> >rajesh <rajesh AT SL.NSW.GOV DOT AU> wrote:
> >I did go through phoneboy.com and added those lines. Still it
> doesn't work.
> >Strange thing is it works fine if I FTP from outside our network.
> >
> >Thanks,
> >Rajesh.
> >
> >
> >>Hmm...
> >>http://www.phoneboy.com/bin/view.pl/FAQs/TCPservicePort
> >>
> >>This is the one we used from Phoneboy.....It worked on FP3..on R55
> I dont have
> >any problem though....
> >>
> >>
> >>rajesh wrote:
> >>Krishna,
> >>
> >>Thanks for your reply. I have tried this but still no luck. I have
> also added
> >>the following line:
> >>
> >>#define FTP_CHECK_PACKET
> >>
> >>Anything else I need to check on FW gui?
> >>
> >>Thanks,
> >>Rajesh.
> >>
> >>
> >>>its a known problem with the CP macros....you can try the
> following
> >>procedure...But its highly recommended to call your support if you
> are not
> sure
> >>or doing these kinda jobs first time...
> >>>
> >>>---------------------------------------------------
> >>>FTP (Tried to open a known service port)
> >>>
> >>>1) Exit all Gui's.
> >>>
> >>>2) Backup the $FWDIR/lib/base.def on the management server.
> >>>
> >>>3) Edit the $FWDIR/lib/base.def and add the following line:
> >>>
> >>>#define NO_SERVER_PORT_CHECK
> >>>
> >>>right below the line (at the top of the file):
> >>>#define __base_def_
> >>>
> >>>This effectively disables the macros that check for defined
> services.
> >>>
> >>>4) Push the security policy to the enforcement points.
> >>>
> >>>---------------------------------------------------------
> >>>
> >>>Srikrishna Komatineni
> >>>
> >>>
> >>>---------------------------------
> >>>Do you Yahoo!?
> >>> New and Improved Yahoo! Mail - 1GB free storage!
> >>>
> >>>=================================================
> >>>To set vacation, Out-Of-Office, or away messages,
> >>>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> >>>in the BODY of the email add:
> >>>set fw-1-mailinglist nomail
> >>>=================================================
> >>>To unsubscribe from this mailing list,
> >>>please see the instructions at
> >>>http://www.checkpoint.com/services/mailing.html
> >>>=================================================
> >>>If you have any questions on how to change your
> >>>subscription options, email
> >>>fw-1-owner AT ts.checkpoint DOT com
> >>>=================================================
> >>
> >>Rajesh
> >>
> >>Unix System Administrator
> >>State Library of NSW
> >>Macquarie Street
> >>Sydney - 2000
> >>
> >>email: rajesh AT sl.nsw.gov DOT au
> >>phone: +61-2-9273-1706
> >>mobile: +61-413-771-270
> >>
> >>=================================================
> >>To set vacation, Out-Of-Office, or away messages,
> >>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> >>in the BODY of the email add:
> >>set fw-1-mailinglist nomail
> >>=================================================
> >>To unsubscribe from this mailing list,
> >>please see the instructions at
> >>http://www.checkpoint.com/services/mailing.html
> >>=================================================
> >>If you have any questions on how to change your
> >>subscription options, email
> >>fw-1-owner AT ts.checkpoint DOT com
> >>=================================================
> >>
> >>
> >>---------------------------------
> >>Meet your soulmate!
> >> Yahoo! Asia presents Meetic - where millions of singles gather
> >>
> >>=================================================
> >>To set vacation, Out-Of-Office, or away messages,
> >>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> >>in the BODY of the email add:
> >>set fw-1-mailinglist nomail
> >>=================================================
> >>To unsubscribe from this mailing list,
> >>please see the instructions at
> >>http://www.checkpoint.com/services/mailing.html
> >>=================================================
> >>If you have any questions on how to change your
> >>subscription options, email
> >>fw-1-owner AT ts.checkpoint DOT com
> >>=================================================
> >
> >Rajesh
> >
> >Unix System Administrator
> >State Library of NSW
> >Macquarie Street
> >Sydney - 2000
> >
> >email: rajesh AT sl.nsw.gov DOT au
> >phone: +61-2-9273-1706
> >mobile: +61-413-771-270
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >fw-1-owner AT ts.checkpoint DOT com
> >=================================================
> >
> >
> >---------------------------------
> >Meet your soulmate!
> > Yahoo! Asia presents Meetic - where millions of singles gather
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >fw-1-owner AT ts.checkpoint DOT com
> >=================================================
>
> Rajesh
>
>
=== message truncated ===

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [FW-1] Oracle 9.i, Murat Turan
Next by Date:  Re: [FW-1] FTP problem, Srikrishna.K
Previous by Thread:  [FW-1] NGX binaries, Gennadiy Reznichenko
Next by Thread:  Re: [FW-1] FTP problem, Srikrishna.K
Indexes:  [Date] [Thread] [Top] [All Lists]