Hello all-
Occasionally during its course of business, an FTP client outside our
firewall will send a port command in to an internal server. The port
command's ephemeral port matches another predefined service on the firewall
and is rejected by rule '0' with a message of:
reason: tried to open tcp service port, port:xx --- where xx is the
predefined service.
I understand that I can remove the high ports 'verbiage' from the macro in
the firewall that disallows use of high ports found in the services table.
But I am concerned that there may be implications to the server where those
services actually live.
My reseller tells me the risks are almost nonexistent and I tend to agree.
But being somewhat paranoid, I am looking for any additional input from
others who may have been down this road before I make any changes.
Thanks in advance for your input.
Bob Runte
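
Added example, not part of the original post and not Check Point's own code: it decodes the port an FTP PORT command asks for, rejects it when that port appears in a services table, and estimates how often a client's ephemeral range collides with the table. The table entries, the function names and the 1024-5000 client range are assumptions made for illustration.

```python
import re

# Constructed services table: high TCP ports that have a predefined service.
# These entries are assumptions, not the firewall's real table.
DEFINED_TCP_SERVICES = {1433: "ms-sql", 1521: "sqlnet", 2049: "nfs", 6000: "x11"}

# RFC 959: PORT h1,h2,h3,h4,p1,p2 where the data port is p1*256 + p2.
PORT_RE = re.compile(
    r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})",
    re.IGNORECASE,
)

def parse_port_command(line):
    """Return (ip, port) from a PORT command line, or raise ValueError."""
    m = PORT_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError("malformed PORT command")
    fields = [int(f) for f in m.groups()]
    if max(fields) > 255:
        raise ValueError("PORT field exceeds 255")
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]

def inspect_port_command(line, services=DEFINED_TCP_SERVICES):
    """Return (allowed, reason), rejecting ports that match a defined service."""
    try:
        _ip, port = parse_port_command(line)
    except ValueError as exc:
        return False, str(exc)
    if port in services:
        # Reason text follows the log message quoted in the post.
        return False, f"tried to open tcp service port, port:{services[port]}"
    return True, f"data connection to port {port} permitted"

def collision_rate(lo, hi, services=DEFINED_TCP_SERVICES):
    """Fraction of the client range lo..hi that hits a defined service port."""
    hits = sum(1 for p in services if lo <= p <= hi)
    return hits / (hi - lo + 1)

if __name__ == "__main__":
    # Constructed control-channel lines (192.0.2.10 is a documentation address).
    samples = [
        "PORT 192,0,2,10,5,153\r\n",   # 5*256 + 153 = 1433, matches ms-sql
        "PORT 192,0,2,10,195,80\r\n",  # 195*256 + 80 = 50000, no match
        "PORT 192,0,2,10,999,1\r\n",   # field out of range
    ]
    for s in samples:
        print(s.strip(), "->", inspect_port_command(s))
    print("collision rate for 1024-5000:", collision_rate(1024, 5000))
```

The collision rate shows why the rejection only happens occasionally: it depends on how many defined services fall inside the range the client draws its ephemeral ports from.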