Hi Adam,
Is rule 49 your cleanup rule? Are you controlling uploads via the FTP
Security Server? If not, how are you doing it?
Are they intentionally trying to send to an FTP server that's running on
port 50984? If you filter SmartView Tracker with the SmartDefense filter and
the destination IP, does it give any clues?
Ray
From: Adam Maxwell <amaxwell AT ELLIOTT-GROUP.CO DOT UK>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] FTP Client issue
Date: Tue, 30 Aug 2005 13:45:34 +0100
Hi,
I've developed a problem with some of my clients FTP'ing to external
servers. Some of my clients have FTP access (using the FTP group already
configured in SmartDashboard) so that they can upload websites etc.
Recently (no changes have been made to the rule base) the FTP process is
stalling when files are uploaded. I am using passive FTP, and the only
changes I have made which might effect this are SmartDefense updates.
This is the drop log from the firewall
Source: laptop
Number: 16680
Date: 30Aug2005
Time: 13:41:42
Product: VPN-1 & FireWall-1
Interface: eth1c0
Origin: firewall
Type: Log
Action: Drop
Protocol: tcp
Service: 50984
Destination: ftp server
Rule: 49
Source Port: 3699
Does anyone have any ideas or suggestions?
Thanks
__________________________________
Adam Maxwell, Infrastructure Manager
------------------------------------------------------------------------------------------------------------------
This e-mail, including attachments, is confidential and is intended for
view by the addressee only. Any views, opinions and judgements expressed
are solely those of the author and may not reflect those of the company.
If you have received this message in error, or have concerns about the use
of this account please contact: postmaster AT elliott-group.co DOT uk
For more information about The Elliott Group Ltd, please visit the Web site
at http://www.elliott-group.co.uk
Security Warning: Please note that this email has been created in the
knowledge that Internet email is not a 100% secure communications medium.
We advise that you understand and accept this lack of security when
emailing us.
This footnote also confirms that this e-mail message has been swept by
MimeSweeper for the presence of computer viruses.
------------------------------------------------------------------------------------------------------------------
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
