[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] FTP on 521 and 520. HELP !!!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FW-1 3.0b VPN 3083 Solaris 2.6 Here's the problem. We have users that FTP (21 and 20), via command line and via applications, through the FW with no problem. We now have a requirement for an application to FTP through the FW on ports 521 and 520. I tried a couple of different/simple changes, like creating TCP Services on ports 521 and 520 to no avail. The connection is initiated and there is an accept in the FW log viewer. I can also snoop the interfaces and see the traffic arriving at the FW during the initial connection and also the returning to the FW from the FTP Server. The problem comes when you try to do a directory listing. I am assuming this is the equivalent of an FTP DATA connection, ie. port 20, or in our case port 520. Anyway, it will basically just time out with an application specific error message. Let me point out that the application (WS FTP Pro) works fine when using ports 21 and 20. After some research it appears that when FW-1 sees and FTP connection coming through it looks in the base.def file to determine which port to allow the FTP DATA connection on. This file is setup to allow this connection on port 20. Can anyone verify if this is correct ? And does anyone know of a work around so that we can use ports 520 and 521. I guess we could edit the base.def file, but then I imagine that would break all of the normal (21 and 20) FTP connections. Any help is appreciated. AtDhVaAnNkCsE, Duke Glover desk =page [email protected] Verizon / Enterprise Information Protection Services -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBOb6ODc7V4zbKN7lqEQK4NACdFuPCHmZtZDSIgGdPPyQLvmVpAX4AoKV1 4q3A7yS4eC1HW4SVqcdxTezi =Xn0y -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|