and if I could type correctly, i would have said to check the enable pasv also. >From: "Ivan Fox" <[EMAIL PROTECTED]> >Subject: Re: [FW1] ftp server using random high ports and checkpoint >Date: Fri, 22 Dec 2000 16:54:40 -0500 > > >I have checked the properties. It's been enabled. The problem is still >here :-( > > >----- Original Message ----- >From: "Ms. Geekgirl" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; ><[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> >Sent: Friday, December 22, 2000 2:48 PM >Subject: RE: [FW1] ftp server using random high ports and checkpoint > > >> >> easy way is to check the policy->properties->services->enable ftp port >data connections. Or create the rules. I wouldn't open the high ports in the >fashion your thinking. >> >> >From: "Ivan Fox" <[EMAIL PROTECTED]> >> >Subject: [FW1] ftp server using random high ports and checkpoint >> >Date: Tue, 19 Dec 2000 18:45:00 -0500 >> > >> > >> >Some of our users need to access an external ftp server. Therefore, we >> >setup a rule to use port 20 and 21. However, the ftp server responds >their >> >request using random high ports, therefore, we need to setup a "returning >> >rule" allowing the ftp server coming back using high-ports (>1023). >> > >> >Is it typical for ftp server's returning packets using random high ports? >> >Is it "safe/secure" to setup such rule on checkpoint firewall? >> >Any implications that we need to be aware of? >> > >> >Any pointers are appreciated. >> > >> >Thanks, >> > >> >Ivan >> > >> > >> > >> > >> > >> >>=========================================================================== >===== >> > To unsubscribe from this mailing list, please see the instructions >at >> > http://www.checkpoint.com/services/mailing.html >> >>=========================================================================== >===== >> >> >> >> gg >> (Like a seedling in Spring, green and vulnerable.) >> >> ------------------------------------------------------------ >> Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com >> AntiOnline - The Internet's Information Security Super Center! >> >> >> >> >> ========================================================================== >====== >> To unsubscribe from this mailing list, please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> >============================================================================ >==== >> > > >================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >================================================================================ gg (Like a seedling in Spring, green and vulnerable.) ------------------------------------------------------------ Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com AntiOnline - The Internet's Information Security Super Center! ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
