
FTPS through Checkpoint NG on port 21 1

Feb 20, 2002
Hi

I need to pass FTPS through Checkpoint on port 21 (normal FTP). Has anybody had any experience with getting this done? I think Checkpoint's stateful filtering is dropping the packet due to the encryption of the data portion of the packet.

Led*Zep
 
Are you getting any messages in the logs saying why the packet is failing?
 
Hi Piloria

Not really. We get a message saying that the FTP has started up; our software then shows a return code of 220 (a "yes, I am a server, and I am ready to connect to"), then we see the certificate get fired up, and then it all stops. All of that is generated by the FTPS software; Checkpoint shows an outgoing TCP connect and nothing else (this firewall is at our hosting company, so I am going on what they have said). One of the RFCs I have read does say that some firewalls drop FTPS traffic, often without logging!! Dunno how true that is.

So, so far we see this:

Our software connects to the FTPS server, has a little chat about encryption, and as soon as encryption starts all packets stop being received (or sent, I guess), i.e. the firewall must be dropping them. The firewall currently has a rule that allows all traffic to pass in both directions.

Led*Zep
 
Found this on PhoneBoy's site, hope it helps:

If you're running something that isn't the standard FTP over port 21, don't use the predefined 'ftp' service. Create a new TCP service on port 21, but set the protocol type to 'other'. Use this in your rule, not Checkpoint's FTP code.




Hello All,

I am trying to set up a secure FTP server behind Firewall-1 4.1 SP5.

If I set the secure FTP server to listen on port 10021 and configure the firewall accordingly, then this works.

I need to be able to do this on port 21, but this fails. No issues are highlighted in the firewall log.

I think this may have something to do with the way that Firewall-1 interrogates port 21 traffic looking for port numbers etc., but I'm not sure.

If anybody has had a similar problem and has managed to get this working, I would be very grateful if you could provide me with any details.



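To make the "protocol type 'other'" advice concrete, here is an added Python model (not from this thread, and not Check Point's code): a deliberately simplified application-layer FTP handler and a plain TCP pass-through policy, each run over two constructed control-channel transcripts, ordinary FTP and explicit FTPS (AUTH TLS) on the same port 21. The transcripts, the 192.0.2.x/198.51.100.x addresses and the handler's parsing rules are assumptions for illustration.

```python
"""
Toy model of a stateful FTP protocol handler versus a plain TCP pass-through,
run over constructed FTP and explicit-FTPS (AUTH TLS, RFC 4217) transcripts.
Added illustration only; the handler is a simplified stand-in, not a real one.
"""
import re
from dataclasses import dataclass, field

# Constructed transcripts (not captures). Each entry is (direction, payload):
# 'C' = client -> server, 'S' = server -> client.
PLAIN_FTP_SESSION = [
    ("S", b"220 ftp.example.test ready\r\n"),
    ("C", b"USER anonymous\r\n"),
    ("S", b"331 Password required\r\n"),
    ("C", b"PASS guest@example.test\r\n"),
    ("S", b"230 Logged in\r\n"),
    ("C", b"PORT 192,0,2,10,4,1\r\n"),      # active mode: client data port 4*256+1
    ("S", b"200 PORT command successful\r\n"),
    ("C", b"PASV\r\n"),
    ("S", b"227 Entering Passive Mode (198,51,100,7,195,89)\r\n"),  # 195*256+89
    ("C", b"QUIT\r\n"),
    ("S", b"221 Goodbye\r\n"),
]

EXPLICIT_FTPS_SESSION = [
    ("S", b"220 ftps.example.test ready\r\n"),
    ("C", b"AUTH TLS\r\n"),
    ("S", b"234 Proceed with negotiation\r\n"),
    # From here the control channel is inside TLS. These are placeholder bytes
    # shaped like TLS record headers (type, version, length) plus filler, not a
    # real handshake or ciphertext; an inspector only sees that they are not text.
    ("C", b"\x16\x03\x01\x00\x04\xaa\xbb\xcc\xdd"),
    ("S", b"\x16\x03\x03\x00\x04\x11\x22\x33\x44"),
    ("C", b"\x17\x03\x03\x00\x04\x55\x66\x77\x88"),
    ("S", b"\x17\x03\x03\x00\x04\x99\x00\xab\xcd"),
]


@dataclass
class FtpInspector:
    """Simplified application-layer FTP handler (the predefined 'ftp' service in
    the thread): every control-channel segment must parse as an RFC 959 command
    or reply line, and PORT / 227 lines open data-channel pinholes."""
    pinholes: list = field(default_factory=list)
    log: list = field(default_factory=list)

    CMD_RE = re.compile(rb"^[A-Z]{3,4}( [\x20-\x7e]*)?\r\n\Z")
    REPLY_RE = re.compile(rb"^\d{3}[ -][\x20-\x7e]*\r\n\Z")
    PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")
    PASV_RE = re.compile(rb"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

    @staticmethod
    def _endpoint(m):
        h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

    def inspect(self, direction, payload):
        """Return 'pass' or 'drop' for one control-channel segment."""
        line_re = self.CMD_RE if direction == "C" else self.REPLY_RE
        if not line_re.match(payload):
            self.log.append(f"{direction}: not an FTP line, dropped: {payload[:8]!r}")
            return "drop"
        m = self.PORT_RE.match(payload) if direction == "C" else self.PASV_RE.match(payload)
        if m:
            self.pinholes.append(self._endpoint(m))
        return "pass"


class PlainTcpPolicy:
    """Models a user-defined TCP service on port 21 with protocol type 'other':
    segments are forwarded on a stateful TCP basis but never parsed, so TLS on
    the control channel is fine, and no data-channel pinholes are ever learned."""
    def __init__(self):
        self.pinholes = []
        self.log = []

    def inspect(self, direction, payload):
        return "pass"


def run_session(policy, session):
    """Feed a transcript through a policy and summarise what it would do."""
    verdicts = [policy.inspect(d, p) for d, p in session]
    first_drop = next((i for i, v in enumerate(verdicts) if v == "drop"), None)
    return {
        "passed": verdicts.count("pass"),
        "dropped": verdicts.count("drop"),
        "first_drop": first_drop,           # index of the first dropped segment
        "pinholes": list(policy.pinholes),  # data-channel endpoints learned
    }


if __name__ == "__main__":
    for name, session in (("plain FTP", PLAIN_FTP_SESSION), ("explicit FTPS", EXPLICIT_FTPS_SESSION)):
        print(f"{name:14s} ftp handler: {run_session(FtpInspector(), session)}")
        print(f"{name:14s} plain TCP  : {run_session(PlainTcpPolicy(), session)}")
```

The model makes the thread's symptom explicit: after the 234 reply every control-channel segment is a TLS record, so a handler that insists on parsing RFC 959 lines rejects them from that point on, which is the "stops right after the certificate" behaviour described above. A protocol-type 'other' service forwards them untouched, but it also learns no PORT/PASV pinholes, so the data-channel ports (for example the server's passive port range) then have to be permitted by an explicit rule instead of being opened dynamically.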
 
Hey thanks.

I have sent this to our Hosting Centre guys; hope that's the fix, but it sure sounds like the sort of problem we are having.

Led*Zep
 
Hi, did you get a resolution to this problem?
 
You didn't say what version of Checkpoint: NG or NG AI?
Check the SmartDefense tab and uncheck everything in the FTP and HTTP worm catcher. That will fix your problem.

wireless
 