Your ftp server must be supporting EPSV mode. Are you running NGx R65? NGx R65 with HFA_01 fixes this problem.
One way to test this is to using the curl command in Linux to test your ftp? run fw monitor and you will see if your ftp server has built-in EPSV? curl --disable-epsv -n ftp-server --- On Mon, 12/1/08, Felipe Almeida <[EMAIL PROTECTED]> wrote: From: Felipe Almeida <[EMAIL PROTECTED]> Subject: Re: [FW-1] Disable SmartDefense Completely To: [email protected] Date: Monday, December 1, 2008, 1:49 PM Is there a way to disable this 227 check on the ftp.def file? Since it is an implicit connections, I just thought if I could kind of disable it editing the ftp.def. I know it is not to edit any of the FW files. Thank you. Mailing list for discussion of Firewall-1 <[email protected]> wrote on 30/11/2008 17:01:44: > Felipe Almeida a écrit : > > Well, I did that for the FTP. Created a new TCP service with the port 21 > > and didn't assign any protocol type to it. After that, I am able to > > connect to my FTP, but after any command (for example, dir, ls -la, put), > > it shows "200 PORT command successful" and doesn't show any results. Stay > > like that until I get a time out. > > > > > do you know about ftp active and passive modes ? > this is also part of smartdefense to dinamically open the data port for > ftp connections. > > I don't have any protocol associated with that port. And I also selected a > > profile in SmartDefense and deactivated all the available protections. > > > > This error isn't being shown in my SmartDefense log. > > > > Things here are getting too much strange. > > > > > can you switch from ftp to scp ? > > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
