Ivan,
Have you tried either of these fixes:
1. Stop FireWall-1 (fwstop)
2. Edit the /$FWDIR/lib/base.def
3. Mark out the following line:
#define FTP_ENFORCE_NL
to:
//#define FTP_ENFORCE_NL
4. Start FireWall-1 (fwstart)
5. Re-install the policy
Or this one:
1. Stop the FireWall (fwstop)
2. Edit the $FWDIR/lib/base.def:
Change it from:
#define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>)
//
// Use this if you do not want the FireWall module to insist on a newline at the
// end of the PORT command:
// #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)
To:
//#define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>)
//
// Use this if you do not want the FireWall module to insist on a newline at the
// end of the PORT command:
#define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)
(The change is to comment the first line, and uncomment the last one)
3. Start the FireWall (fwstart)
4. Re-install the policy
Either one or both of these is the solution I used for a problem much like
the one you just described. It used to happen on our IIS Version 4 FTP
Server. After applying both of these, we no longer have the problem.
Let me know if either of these work.
Thanks,
Lance
----- Original Message -----
From: "Ivan Fox" <[EMAIL PROTECTED]>
To: "Lance Ecklesdafer" <[EMAIL PROTECTED]>; "Firewall-Wizards@Nfr. Net"
<[EMAIL PROTECTED]>; "Firewalls@Lists. Gnac. Net"
<[EMAIL PROTECTED]>; "Firewall-1"
<[EMAIL PROTECTED]>
Sent: Friday, December 22, 2000 5:01 PM
Subject: Re: ftp server using random high ports and checkpoint
> Lance;
>
> Thank you for your input.
>
> We have already done what you have advised.
>
> In fact, we have "complained" to Microsoft premium support. It knows
> exactly what is the problem and directs us to talk to Check Point.
>
> We logged a technical support call to Check Point. We have gone through 4
> different technical support specialists over a week, the problem is still
> here!
>
> Interestingly, it is only a folder with 10,000 1K files that has the problem.
> The other folder with many sub-folders with many 1K files is without problem!
> (As a result, a hypothesis says it might be the NTFS Master File Table (aka
> file allocation table) causing this problem!)
>
> Any further comments are appreciated.
>
> Thanks and have a merry Holiday.
>
> Ivan
>
>
> ----- Original Message -----
> From: "Lance Ecklesdafer" <[EMAIL PROTECTED]>
> To: "Ivan Fox" <[EMAIL PROTECTED]>; "Firewall-Wizards@Nfr. Net"
> <[EMAIL PROTECTED]>; "Firewalls@Lists. Gnac. Net"
> <[EMAIL PROTECTED]>; "Firewall-1"
> <[EMAIL PROTECTED]>
> Sent: Friday, December 22, 2000 3:59 PM
> Subject: Re: ftp server using random high ports and checkpoint
>
>
> > Ivan,
> >
> > Check the Properties settings under the Policy Menu in the Checkpoint
> > Firewall-1 GUI. Go to the "Services" tab and select the "Enable FTP Port
> > Data Connections" and "Enable FTP PASV Data Connections". Your rulebase
> > would contain a rule that would appear like :
> >
> > Source = clients allowed to ftp (probably a group of workstations or users)
> > Destination = Any
> > Service=ftp
> > Action=Accept or User Authentication
> > Track= Long or Short (I always track)
> > Install on = Gateways
> > Time = Any
> > Comment= Rule to allow FTP to any site by authorized users
> >
> > Hope this helps
> >
> > Lance
> >
> > ----- Original Message -----
> > From: "Ivan Fox" <[EMAIL PROTECTED]>
> > To: "Firewall-Wizards@Nfr. Net" <[EMAIL PROTECTED]>;
> > "Firewalls@Lists. Gnac. Net" <[EMAIL PROTECTED]>; "Firewall-1"
> > <[EMAIL PROTECTED]>
> > Sent: Tuesday, December 19, 2000 6:45 PM
> > Subject: ftp server using random high ports and checkpoint
> >
> >
> > > Some of our users need to access an external ftp server. Therefore, we
> > > setup a rule to use port 20 and 21. However, the ftp server responds to
> > > their request using random high ports, therefore, we need to setup a
> > > "returning rule" allowing the ftp server coming back using high-ports
> > > (>1023).
> > >
> > > Is it typical for ftp server's returning packets using random high ports?
> > > Is it "safe/secure" to setup such rule on checkpoint firewall?
> > > Any implications that we need to be aware of?
> > >
> > > Any pointers are appreciated.
> > >
> > > Thanks,
> > >
> > > Ivan
> > >
> > >
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> >
> >
>
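An added example, not part of the original messages and not Check Point's code: a simplified Python model of how a stateful firewall can derive the one data-connection endpoint announced on the FTP control channel instead of allowing every port above 1023, with a flag modelling the newline check the base.def comment describes. The function name, the same-host and unprivileged-port checks, and the sample segments are assumptions constructed for illustration.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" (client) and the "227" reply to PASV
# (server) both announce the data-connection endpoint; port = p1*256 + p2.
SIX = rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(rb"^PORT " + SIX)
PASV_RE = re.compile(rb"^227 .*?" + SIX)


def expected_data_endpoint(segment, sender_ip, enforce_newline=True):
    """Return (ip, port) announced in one control-channel segment,
    or None if no data connection should be allowed for it.

    enforce_newline models the behaviour described in base.def: the
    command must end with a newline inside the inspected segment.
    """
    m = PORT_RE.match(segment) or PASV_RE.match(segment)
    if m is None:
        return None
    if enforce_newline and not segment.endswith(b"\n"):
        # Without the terminator the last number may be incomplete,
        # so strict mode refuses to derive a port from it.
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    # Assumed policy for this model: only the announcing host itself,
    # and only an unprivileged port, may be the data endpoint.
    if ip != sender_ip or port < 1024:
        return None
    return ip, port


# Constructed control-channel segments (documentation address ranges).
SAMPLES = [
    (b"PORT 198,51,100,7,4,12\r\n", "198.51.100.7"),
    (b"PORT 198,51,100,7,4,1", "198.51.100.7"),  # same command cut mid-number
    (b"227 Entering Passive Mode (192,0,2,10,195,80).\r\n", "192.0.2.10"),
]

if __name__ == "__main__":
    for seg, ip in SAMPLES:
        strict = expected_data_endpoint(seg, ip)
        relaxed = expected_data_endpoint(seg, ip, enforce_newline=False)
        print(seg, "strict:", strict, "relaxed:", relaxed)
```

The second sample shows the trade-off of relaxing the check: the truncated segment yields port 1025 in relaxed mode although the full command announced 1036, while strict mode derives nothing from it.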