> Time     action  service  source      destination  proto  rule
> 3:21:45  accept  ftp      204.14.x.x  205.x.x.x    tcp    17
> 3:21:45  accept  -        10.x.x.x    204.14.x.x   icmp   -
> 3:21:45  accept  -        204.14.x.x  10.x.x.x     icmp   -
> 3:21:48  accept  58103    205.x.x.x   206.x.x.x    tcp    0
>
> In this log file 204.x, 206.x are addresses from the
> Internet. 205.x is my ftp server public address and
> 10.x is the ftp private address.
>
> Something strange:
> 1. ICMP accepted in both ways without rule and without
> service...!??????
> 2. Service accepted (58103) without rule in
> place..!????
>
> I am running CP 4.1 SP 4 on Solaris. Any clue on what
> is here?

The ICMP is accepted because you have "Accept ICMP [Before Last]" in your policy properties.

The 58103 is because CheckPoint understands the FTP protocol and you do not.

FTP works like this: You connect to the FTP server. Then your client gives the FTP server a port that it wants to accept the data connection on. Your client then opens this port and waits for the FTP response. CheckPoint understands this and allows the traffic (as it is supposed to).

-Don
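
Added example, not part of the original post and not Check Point's code: a minimal Python model of the behaviour described in the reply, where the firewall reads the port announced on the FTP control channel and accepts only the matching data connection. The class and function names are hypothetical, the addresses are constructed documentation addresses, and the PORT arguments are chosen so the announced port works out to 58103 (226 * 256 + 247).

```python
import re

# PORT h1,h2,h3,h4,p1,p2 : client tells the server where to connect (active mode).
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)


def parse_port_command(line):
    """Return (ip, port) announced by an FTP PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: ignore rather than guess
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class FtpTracker:
    """Toy model of stateful FTP inspection (hypothetical, for illustration)."""

    def __init__(self):
        self.expected = set()  # (server_ip, client_ip, client_port)

    def control_line(self, client_ip, server_ip, line):
        """Inspect one client-to-server line seen on the control channel."""
        parsed = parse_port_command(line)
        if parsed is None:
            return
        ip, port = parsed
        # Assumption of this sketch: only open a pinhole toward the host that
        # sent the command, and never toward a privileged port.
        if ip == client_ip and port >= 1024:
            self.expected.add((server_ip, ip, port))

    def allow_data(self, src_ip, dst_ip, dst_port):
        """Accept a server-initiated data connection only if it was announced."""
        key = (src_ip, dst_ip, dst_port)
        if key in self.expected:
            self.expected.discard(key)  # one data connection per PORT command
            return True
        return False


# Constructed sample session.
CLIENT, SERVER = "198.51.100.7", "203.0.113.10"
tracker = FtpTracker()
tracker.control_line(CLIENT, SERVER, "PORT 198,51,100,7,226,247")
```

A log entry for a connection accepted this way has no matching rule in the rule base, because the allowance comes from the tracked control session rather than from a rule.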
