Greetings, If you block "icmp-proto" at the firewall, you may be blocking ICMP "destination unreachable" due to "fragmentation needed but do not fragment bit set" messages sent to a router which may cause you some trouble. If this is the case, consider allowing service "dest-unreach" type icmp any to any. Hope this helps! Regards, Ron Frost Software AG > > Michael Efrusy wrote: > > > > I am running Checkpoint FW-1 ver. 4.1 on a Windows NT server > (SP 6). Our > > clients are running Win NT 4.0. We are having an issue with ftp in that > > clients are able to connect to a remote ftp server but are disconnected > > (connection terminated by remote host) upon entering an ls or > get command. > > > > Apparently the remote server is sending an RST packet and > disconnecting the > > client. This occurs when using PASV ftp as well (through the quote PASV > > > > command). PASV is enabled in the properties box and the rules > appear to be > > ok (this problem occurs even when high tcp ports are enabled). > Does anyone > > have any suggestions how to resolve th - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
