We're trying to do some FTPs between Gauntlet and Checkpoint firewalls and
are having problems with getting the data port to "synchronize". The users
behind the Checkpoint firewall FTP through the Gauntlet firewall. The users
then attempt to use a command which requires the data port.
At this point, everything stops. Our research indicates that Gauntlet is
allowing the source data-port to float while Checkpoint is expecting that
the port will be "ftp-data". There are 2 options:
1. Modify Gauntlet to use the ftp-data port. We are reluctant to do so since
some of the more recent RFCs indicate that floating the port is generally
more secure, although this works.
2. Modify Checkpoint to allow the port to float. This has caused other
FTP-related problems.
Question: does anyone with Checkpoint experience know how to float the
source port? I haven't been directly involved with the Checkpoint side; the
people who have tried this have used some documentation on the Checkpoint
support site.
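
The mismatch described above, as an added illustration that is not part of the original message and is not either product's code: a simplified model of a stateful filter that learns the client's data endpoint from the PORT command and then judges the incoming data connection, once insisting on ftp-data (port 20) as the source and once letting the source port float. All names, addresses and the two extra PORT sanity checks are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

FTP_DATA = 20  # well-known "ftp-data" port
PORT_RE = re.compile(r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

@dataclass(frozen=True)
class Expected:
    """Data connection the filter expects after seeing a PORT command."""
    server_ip: str
    client_ip: str
    client_port: int

def parse_port(line: str, client_ip: str, server_ip: str) -> Optional[Expected]:
    """Parse an RFC 959 PORT command seen on the control channel."""
    m = PORT_RE.fullmatch(line.strip())
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    ip, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    # Model assumption: refuse third-party addresses and privileged ports.
    if ip != client_ip or port < 1024:
        return None
    return Expected(server_ip, ip, port)

def allow_data(exp, src_ip, src_port, dst_ip, dst_port, float_source) -> bool:
    """Decide whether an inbound data connection matches the expectation."""
    if exp is None:
        return False
    if (src_ip, dst_ip, dst_port) != (exp.server_ip, exp.client_ip, exp.client_port):
        return False
    # Strict mode insists on ftp-data; float mode accepts any source port.
    return float_source or src_port == FTP_DATA

# Constructed sample: client 192.0.2.10 behind the filter, proxy 198.51.100.5.
CLIENT, PROXY = "192.0.2.10", "198.51.100.5"
EXP = parse_port("PORT 192,0,2,10,19,137\r\n", CLIENT, PROXY)

if __name__ == "__main__":
    for label, sport in (("ftp-data source", 20), ("floating source", 34567)):
        for flt in (False, True):
            ok = allow_data(EXP, PROXY, sport, CLIENT, EXP.client_port, flt)
            print(f"{label:16} float_source={flt!s:5} -> {'allow' if ok else 'drop'}")
```

In float mode the data connection is still tied to the proxy's address and to the exact endpoint announced in PORT, so relaxing the source port does not open the client port to other hosts.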