| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] ftp problems
I recently upgraded to Checkpoint 2000 SP2 (on Solaris 2.6), and have had
the same problem. I had a user attempting to upload a file to the compaq
ftp server and troubleshot this for a couple of days. When this issue was
first brought to my attention, the user was able to connect and login, but
would get immediately disconnected. Piling through the Checkpoint site,
Phoneboy, and listserver posts, I made the following changes -
1) edited the $FWDIR/lib/base.def to allow FTP headers without "\r\n" by
commenting the #define FTP_ENFORCE_NL line out (changing it to //#define
FTP_ENFORCE_NL).
2) edited the $FWDIR/lib/base.def and changed the following line -
Original Value - #define FTPPORT(match) (call KFUNC_FTPPORT
<0x1|(match)>)
New Value - #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)
Both lines were already in thie base.def file, I just commented out the
Original Value and uncommented the New Value.
Both changes were done on the Management Console (i'm in a distributed
configuration), a fwstop;fwstart issued, and the policy recompiled and
pushed to the firewall. This made it so that we could successfully connect
to the compaq ftp server. I also was able to successfully get files (I have
not tested FTP puts). I found both of these solutions on the Checkpoint
SecureKnowledge site (if you're lucky enough to have an active Checkpoint
support contract AND a valid login ID)....
Hope this help !!
> Troy Dechant
> Sr. Technical Specialist Network Design
> First American Real Estate Information Services, Inc.
> [email protected]
> t, f>
>
>
> -----Original Message-----
> From: Andrew Fullagar [SMTP:[email protected]]
> Sent: Wednesday, September 20, 2000 12:18 PM
> To: 'Tom Heyworth'; 'Mark Kanwischer'; Fw-1-Mailinglist (E-mail)
> Subject: RE: [FW1] ftp problems
>
> apply both checkpoint fixes at the same time
>
> -----Original Message-----
> From: Tom Heyworth [ <mailto:[email protected]>]
> Sent: Wednesday, September 20, 2000 9:37 AM
> To: 'Mark Kanwischer'; Fw-1-Mailinglist (E-mail)
> Subject: RE: [FW1] ftp problems
>
>
>
> i've tried both ways.. still the same.. thanks
>
> -----Original Message-----
> From: Mark Kanwischer [ <mailto:[email protected]>]
> Sent: 20 September 2000 17:26
> To: 'Tom Heyworth '
> Subject: RE: [FW1] ftp problems
>
>
> I can ftp to both sites okay. Do you have passive ftp box checked in the
> properties screen?
>
> -----Original Message-----
> From: Tom Heyworth
> To: Fw-1-Mailinglist (E-mail)
> Sent: 9/20/00 10:02 AM
> Subject: [FW1] ftp problems
>
>
> Hi, i'm having problems with ftp connections to some ftp sites
> (ftp.compaq.com ftp.barrysworld.com for instance) from behind my
> firewall
> (Firewall-1 4.1 on Redhat 6.2) i'm not blocking anything specific except
> all
> connections to the firewall it's self. I have checked the log to see if
> anything is getting denied, theres not. I have put the firewall ip in
> the
> DNS to see if this makes any difference - it doesn't. Has anyone got any
> ideas why this is happening and how to 'fix' it? or is it just my
> firewall?
> (try ftp'ing to ftp.compaq.com)
>
> thanks
>
> Tom Heyworth
>
>
>
>
> ========================================================================
> ========
> To unsubscribe from this mailing list, please see the instructions
> at
> <http://www.checkpoint.com/services/mailing.html>
> ========================================================================
> ========
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
>
> <http://www.checkpoint.com/services/mailing.html>
> ==========================================================================
> ======
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
