I am running NG with AI R55W so that option may not be available to you.  I
think unchecking the "FTP Bounce" will get it to work.  I am not sure if it is
a bad thing from a security point of view.  However, if you disable ftp "clear
text" and allow only scp and ftp over SSL then you should be ok.  The other
problem that I can see is that if there is a "virus" inside the ftp data payload,
there is no way checkpoint can detect it since the connection is encrypted.
But then again, the "end-host" should have antivirus and should be able to
detect it.

Give it a try.

good luck
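An added illustration of the two points the thread turns on (not code from the thread, from Check Point, or a description of how SmartDefense is implemented): what an "FTP bounce" is, i.e. a PORT command that names a host other than the client so the server opens its data connection to a third party, and why FTP over SSL/TLS defeats content inspection, since after AUTH TLS is answered with 234 the control channel is ciphertext. The toy inspector below parses a control-channel exchange line by line; with tls_aware=True it stops at the 234 reply because it cannot read what follows, and with tls_aware=False it keeps parsing and misfires on the encrypted bytes. The client address 10.0.0.7, the exchanges, and the pseudo-TLS record are constructed for the example.

```python
"""Toy FTP control-channel inspector (added example, not Check Point code)."""
import ipaddress
import re

PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$", re.I
)


def parse_port_arg(text):
    """Return (ip_string, port) for a PORT command line, or None."""
    m = PORT_RE.match(text)
    if not m:
        return None
    ip = ".".join(m.group(i) for i in range(1, 5))
    port = int(m.group(5)) * 256 + int(m.group(6))
    return ip, port


def inspect_ftp_control(client_ip, exchange, tls_aware=True):
    """Walk one control-channel exchange and return a list of findings.

    exchange: list of (direction, bytes); "C" is client->server, "S" is
    server->client, one line per entry as a firewall would reassemble it.
    """
    client = ipaddress.IPv4Address(client_ip)
    findings = []
    auth_sent = False
    for direction, raw in exchange:
        if direction == "C" and b"\xff" in raw:
            # 0xFF is the Telnet IAC byte. RFC 959 makes the control
            # connection a Telnet stream, but ordinary FTP clients send no
            # option negotiation, so a text-protocol inspector treats it as
            # suspicious. Once the channel is TLS it is just ciphertext.
            findings.append(("telnet-iac", raw))
        try:
            text = raw.decode("ascii").rstrip("\r\n")
        except UnicodeDecodeError:
            findings.append(("opaque", raw))
            continue
        if direction == "C":
            parsed = parse_port_arg(text)
            if parsed is not None:
                ip, port = parsed
                # Bounce: the data connection is requested to a host other
                # than the client, or to a privileged port (the classic way
                # to relay through the FTP server to e.g. SMTP elsewhere).
                if ipaddress.IPv4Address(ip) != client or port < 1024:
                    findings.append(("ftp-bounce", f"PORT {ip}:{port} from client {client}"))
            elif text.upper() in ("AUTH TLS", "AUTH SSL"):
                auth_sent = True
        elif auth_sent and text.startswith("234") and tls_aware:
            # The only sound choice for an inspector: it cannot read TLS.
            findings.append(("encrypted", "AUTH accepted; control channel is now TLS"))
            break
    return findings


CLIENT = "10.0.0.7"  # assumed client address for the constructed exchanges

# Constructed exchanges, not captures from the thread.
BOUNCE = [
    ("S", b"220 ftp.example.test ready\r\n"),
    ("C", b"USER anonymous\r\n"),
    ("S", b"331 Send password\r\n"),
    ("C", b"PASS guest@example.test\r\n"),
    ("S", b"230 Logged in\r\n"),
    ("C", b"PORT 192,0,2,55,0,25\r\n"),  # asks the server to connect to 192.0.2.55:25
    ("S", b"200 PORT command successful\r\n"),
]

ACTIVE_OK = [
    ("S", b"220 ftp.example.test ready\r\n"),
    ("C", b"PORT 10,0,0,7,4,1\r\n"),  # back to the client itself, port 1025
    ("S", b"200 PORT command successful\r\n"),
]

AUTH_TLS = [
    ("S", b"220 ftp.example.test ready\r\n"),
    ("C", b"AUTH TLS\r\n"),
    ("S", b"234 Proceed with negotiation\r\n"),
    # From here the firewall sees TLS records. Made-up bytes shaped like a
    # record header plus opaque payload, not a real ClientHello.
    ("C", b"\x16\x03\x01\x00\x10\x01\x00\x00\x0c\x03\x01\xff\xfb\x1f\x7a\xc9\x00"),
]

if __name__ == "__main__":
    for name, ex in (("bounce", BOUNCE), ("active-ok", ACTIVE_OK), ("auth-tls", AUTH_TLS)):
        print(name, inspect_ftp_control(CLIENT, ex))
    print("naive", inspect_ftp_control(CLIENT, AUTH_TLS, tls_aware=False))
```

The naive run is the failure mode: the same bytes that are a legitimate TLS handshake look, to a parser that still expects ASCII commands, like Telnet option negotiation and unparseable junk. Turning the bounce check off removes the false positive but also removes the only place the PORT argument is checked, which is the trade-off Raymond asks about.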

Raymond N <[EMAIL PROTECTED]> wrote:
Hmm, what you explained makes sense. What version of NG AI are you using?
In my version (NG AI R55 hotfix 12), there is a checkbox (SmartDefence - AI -
FTP) for "FTP Bounce", and the only sub-configuration item is the 'track'
option (e.g. log, alert, snmp trap, etc.). I don't see any option
for "watch only". Shall I just 'uncheck' FTP bounce? Is this a bad thing
to do from the security point of view?

BTW, how come the log message said 'TELNET options bounce' instead of 'FTP
Bounce'???

Thanks.

-raymond n

At 06:39 PM 3/22/05 -0800, cisco4ng wrote:
>What it means is that checkpoint tried to read the content inside the ftp
>session; however, since the content is "encrypted" via SSL and checkpoint does
>not know how to decrypt it, it will think that this is an "attack" attempt. If
>you go into smartdefense and under the ftp, go into FTP bounce, and select
>"monitor only", your ftp over SSL will work.
>
>cisco4ng
>
>Raymond N wrote:
>I am using NG AI R55 Hotfix-12 on Nokia platform.
>One of my users tries to do SSL over FTP with an external ftp server over
>the Internet. The connection failed even at the control session (i.e. no
>login prompt). Looking at the firewall log, the rule I have for outbound
>ftp shows the traffic is allowed, but at the "Information" column, it has a
>message about "Attack info: The packet was modified due to a potential
>TELNET OPTIONS Bounce attack".
>
>Can anyone tell me what this is? Again, the firewall log shows the traffic
>is 'permit', but the ftp control session still fails.
>
>Thanks in advance for any info.
>
>-raymond
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
>
