Ivan,

Check the Properties settings under the Policy Menu in the Checkpoint
Firewall-1 GUI. Go to the "Services" tab and select the "Enable FTP Port
Data Connections" and "Enable FTP PASV Data Connections". Your rulebase
would contain a rule that would appear like:

Source = clients allowed to ftp (probably a group of workstations or users)
Destination = Any
Service = ftp
Action = Accept or User Authentication
Track = Long or Short (I always track)
Install on = Gateways
Time = Any
Comment = Rule to allow FTP to any site by authorized users

Hope this helps

Lance

----- Original Message -----
From: "Ivan Fox" <[EMAIL PROTECTED]>
To: "Firewall-Wizards@Nfr. Net" <[EMAIL PROTECTED]>;
"Firewalls@Lists. Gnac. Net" <[EMAIL PROTECTED]>; "Firewall-1"
<[EMAIL PROTECTED]>
Sent: Tuesday, December 19, 2000 6:45 PM
Subject: ftp server using random high ports and checkpoint


> Some of our users need to access an external ftp server.  Therefore, we
> set up a rule to use port 20 and 21.  However, the ftp server responds to
> their request using random high ports, therefore, we need to set up a
> "returning rule" allowing the ftp server coming back using high-ports (>1023).
>
> Is it typical for ftp server's returning packets using random high ports?
> Is it "safe/secure" to set up such a rule on checkpoint firewall?
> Any implications that we need to be aware of?
>
> Any pointers are appreciated.
>
> Thanks,
>
> Ivan
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
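The high ports asked about in this thread are announced on the FTP control channel: the client's PORT command in active mode and the server's 227 reply in PASV mode (RFC 959). As an added illustration that is not part of the original messages and is not Check Point's code, the sketch below derives from those lines the single data connection a control-channel-aware filter would expect, rather than a blanket rule for everything above 1023. The addresses, sample lines and function names are constructed, and it assumes no NAT between client and server.

```python
import re

# RFC 959 host-port sextet h1,h2,h3,h4,p1,p2 (PORT argument, 227 reply text)
_SEXTET = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from the first valid-looking sextet, else None."""
    m = _SEXTET.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_conn(line, client_ip, server_ip):
    """Map one control-channel line to the data connection it announces:
    (initiator_ip, listener_ip, listener_port), or None if nothing to allow."""
    line = line.strip()
    if line.upper().startswith("PORT "):   # active mode: client listens
        initiator, listener = server_ip, client_ip
    elif line.startswith("227 "):          # passive mode: server listens
        initiator, listener = client_ip, server_ip
    else:
        return None
    hp = parse_hostport(line[4:])
    if hp is None:
        return None
    ip, port = hp
    # Assumption (no NAT): the announced address must be the control
    # connection's own peer, and the port must be unprivileged (>1023).
    if ip != listener or port <= 1023:
        return None
    return initiator, listener, port

# Constructed sample control-channel lines and addresses
CLIENT, SERVER = "10.0.0.5", "192.0.2.10"
SAMPLE = [
    "USER anonymous",
    "PORT 10,0,0,5,19,137",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "PORT 10,0,0,99,19,137",   # announces a third host
    "PORT 10,0,0,5,0,22",      # announces a privileged port
]

def allowed_from_sample():
    return [expected_data_conn(l, CLIENT, SERVER) for l in SAMPLE]

if __name__ == "__main__":
    for line, conn in zip(SAMPLE, allowed_from_sample()):
        print(f"{line!r:52} -> {conn}")
```

In active mode the server opens the data connection back to the client's announced port; in PASV mode the client opens it to the server's announced port.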

