I have to side with hermit here: The resolution at Phoneboy seems to have as
a prerequisite that I have defined some special high-numbered services on my own, which
I didn't. Also, we don't offer inbound ftp to anyone, just outbound.
Here's my understanding of what's happening: A user initiates an ftp transmission with
an external source, but the high-numbered port negotiated for the data connection
accidentally matches the port for a pre-defined service, in this case vosaic, so the
FW rejects the packets. I could, of course, disable the checking for services as stated
at Phoneboy's, but won't this have other repercussions pertaining to security?
Cheers
Ralf