RE: [WS_FTP Forum] WS_FTP Server w/SSL

Mon, 10 Sep 2001 16:02:30 -0700 

I had to deal with this one a few months ago.  The answer is in the Ipswitch
Knowledge Base (http://support.ipswitch.com/kb/FS-20001102-DM01.htm) but is
misleading.  Check Point's Service Pack 3 does NOT fix this problem.  And,
if you install Service Pack 4 after you have installed this workaround, you
must reinstall the workaround.

******** Knowledge Base **************
Question/Problem: Why do I have problems connecting to WS_FTP Server from
behind a Checkpoint Firewall?

Answer/Solution: Checkpoint FireWall-1 expects FTP port commands to be
followed with \r\n.

Following is a response from Checkpoint regarding this problem:

Service Pack 3 will fix this bug.

There is also a workaround on our (Checkpoint) Secure Knowledge Database.

Solution: FTP to specific servers fails (10043.0.7772541.2711982)
Edit the $FWDIR/lib/base.def file to allow FTP headers without "\r\n":

1. Stop FireWall-1 (fwstop)
2. Edit the /$FWDIR/lib/base.def
3. Mark out the following line:

#define FTP_ENFORCE_NL
to:
//#define FTP_ENFORCE_NL

4. Start FireWall-1 (fwstart)
5. Re-install the policy

For more information please contact the firewall vendor.
******** Knowledge Base **************

Good Luck!
Jim

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Sub Net
Sent: Saturday, September 08, 2001 3:34 PM
To: [EMAIL PROTECTED]
Subject: [WS_FTP Forum] WS_FTP Server w/SSL


Has anyone been able to get SSL to work with CheckPoint's FW-1 firewall?  If
so, any details would be greatly appreciated.  The FTP server works great
without SSL, but WS_FTP Pro ver7 hangs when trying to negotiate an SSL
session through the firewall.  This problem does not occur if a connect SSL
inside the firewall.

Thanks,
Tim

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


Please visit http://www.ipswitch.com/support/mailing-lists.html to be
removed from this list.


Please visit http://www.ipswitch.com/support/mailing-lists.html to be
removed from this list.


Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from 
this list.

Reply via email to