Re: [FW1] 4.1 SP2 Problems with some FTP sites (compaq)
[email protected] wrote:
>
> Since I moved from 4.0 sp5 to 4.1 sp2 people cannot download from some
> ftp-sites.
> one of them iftp.compaq.com.
>
> The fw rejects the packet coming back from compaq with rule 0.
> Saying: unknown established TCP packet.
>
> Other FTP sites are OK
>
> Any suggestions?
>
> Hans Hamakers
> ABB Benelux
> IT Networkservices

Uncomment
    #define ALLOW_NON_SYN_RULEBASE_MATCH
in $FWDIR/conf/fwui_head.def

and comment
    #define FTP_ENFORCE_NL
in $FWDIR/conf/base.def

The first one being commented out by default causes a lot of
unestablished tcp-connection errors (dropped by rule 0), the second
causes connection loss to ftp servers with no NewLine endings in their
data-packets.

Those two "security enhancements" in 4.1SP2 cause a lot of traffic loss.
I have the impression 4.1SP2 was a panic reaction by Checkpoint, I think
nobody can use the default settings...

--
Guido Van De Velde
LUDIT - KULeuvenNet
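
Added example, not part of the original message and not Check Point code: a small audit script that reports whether the two defines named in the reply differ from the 4.1 SP2 defaults as the reply describes them, so a changed module is visible in review. The function names, the sample files and the C-style comment syntax of the .def files are assumptions.

```shell
#!/bin/sh
# Added example. Assumption: the .def files mark comments C-style (// or
# /* */) on the same line as the #define; a #define inside a multi-line
# /* */ block is not recognised as commented.

# define_state FILE MACRO -> active | commented | absent | unreadable
define_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    if grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"; then
        echo active
    elif grep -Eq "#[[:space:]]*define[[:space:]]+$2([^A-Za-z0-9_]|\$)" "$1"; then
        echo commented
    else
        echo absent
    fi
}

# non_default_checks CONFDIR -> one line per define that differs from the
# 4.1 SP2 defaults as the reply describes them (no output = defaults).
non_default_checks() {
    s=$(define_state "$1/fwui_head.def" ALLOW_NON_SYN_RULEBASE_MATCH)
    [ "$s" = active ] && echo "fwui_head.def: ALLOW_NON_SYN_RULEBASE_MATCH is defined"
    s=$(define_state "$1/base.def" FTP_ENFORCE_NL)
    [ "$s" = commented ] && echo "base.def: FTP_ENFORCE_NL is commented out"
    return 0
}

# Constructed sample files, in the state the reply recommends.
make_sample() {
    printf '%s\n' '// constructed sample' \
        '#define ALLOW_NON_SYN_RULEBASE_MATCH' > "$1/fwui_head.def"
    printf '%s\n' '// constructed sample' \
        '/* #define FTP_ENFORCE_NL */' > "$1/base.def"
}

if [ -n "${FWDIR:-}" ]; then
    non_default_checks "$FWDIR/conf"      # real module
else
    demo=$(mktemp -d) && make_sample "$demo" && non_default_checks "$demo"
    rm -rf "$demo"
fi
```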