I disabled SYN Defender. Problem still occurs.
The timeouts for TCP Session and UDP are set to the defaults. After clicking on the link to the ftp site the entries in the log show up in 10 - 20 seconds, so I don't think that is it.
Thanks,
Joe
"Scheidel, Greg" <[EMAIL PROTECTED]> on 07/13/2000 02:34:39 PM
To: Joseph Vieira/DMR/CA@DMR-CANADA
cc:
Subject: RE: [FW1] ftp problem
Hrm. RSH/REXEC and RPC won't impact this.
Two other things you can check (and test each one independently) are:
- Disable SYN Defender
- Check Policy/Properties/Security Policy/[TCP Session Timeout, UDP Virtual
Session Timeout]. Defaults are 3600 and 40, respectively. The problem
you're now describing could be caused by the TCP / UDP session timing out of
the state table before the FTP response comes in.
Greg S.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 13, 2000 1:40 PM
To: Scheidel, Greg
Subject: RE: [FW1] ftp problem
Greg,
That's what I have.
FTP Port Data: Y
FTP PASV Data: N
RSH/REXEC: N
RPC: Y
Could the other two be causing this problem?
Thanks,
Joe
"Scheidel, Greg" <[EMAIL PROTECTED]> on 07/13/2000 12:33:23 PM
To: Joseph Vieira/DMR/CA@DMR-CANADA
cc:
Subject: RE: [FW1] ftp problem
Try these settings on your Firewall Policy/Properties/Services:
Enable FTP Port Data Connections : Yes
Enable FTP PASV Data Connections : No
Greg S.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 13, 2000 12:23 PM
To: Scheidel, Greg
Cc: [EMAIL PROTECTED]
Subject: RE: [FW1] ftp problem
OK,
I removed anti-spoofing as suggested that it might be a problem, and I turned FTP PASV off. Still does not work, but I have different log entries.
The first one is from client to server, dropped by the last rule, using high port numbers 44067 and 53154. I tested it twice; I'm assuming it is just a random high port.
The second log entry is from the ftp server to client port 4313 and 4321; again I'm assuming it is just random. In the log entry for the second one it listed the s_port as ftp-data. I don't know if that means anything.
Any suggestions?
Thanks,
Joe
"Scheidel, Greg" <[EMAIL PROTECTED]> on 07/12/2000 10:33:17 PM
To: Joseph Vieira/DMR/CA@DMR-CANADA,
[EMAIL PROTECTED]
cc:
Subject: RE: [FW1] ftp problem
Firewall Policy/Properties/Services/"Enable FTP PASV Data Connections" -
Off. This setting does exactly the opposite of what you'd expect. "tried
to open other host port" is indicative of this problem.
Greg S.
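To make the PORT/PASV distinction Greg is pointing at concrete, here is an added example (it is not code from the thread, from Check Point or from FW-1): a small Python parser that reads one FTP control-channel line, works out which side opens the data connection and to where, and applies a toy policy modelled on the two property toggles named in this thread ("Enable FTP Port Data Connections" / "Enable FTP PASV Data Connections"). The "other host" check, i.e. that the IP announced in PORT or in the 227 reply must equal the control-channel peer, is my assumption about what the FW-1 log text "tried to open other host port" refers to; the sample lines and addresses are constructed.

```python
"""Added example: which side opens an FTP data connection, and a toy
stateful-firewall verdict for it. Not FW-1 code; the "other host" rule
and the policy logic are this example's own assumptions."""

import re
from dataclasses import dataclass
from typing import Optional

# Client-side "PORT h1,h2,h3,h4,p1,p2" (active mode, RFC 959 section 4.1.2).
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)
# Server-side "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" (passive mode).
PASV_RE = re.compile(r"^227\b.*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


@dataclass
class DataConnection:
    mode: str           # "active" (PORT) or "passive" (PASV)
    opener: str         # side that initiates the TCP data connection
    src: str            # IP that opens it
    dst_host: str       # IP announced in the command/reply
    dst_port: int       # port announced in the command/reply (p1*256 + p2)
    host_matches: bool  # announced IP equals the control-channel peer it should be


def _decode(groups) -> tuple:
    """Turn the six comma-separated decimal fields into (host, port)."""
    octets = [int(x) for x in groups]
    if any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"field out of range in {groups}")
    host = ".".join(str(o) for o in octets[:4])
    return host, octets[4] * 256 + octets[5]


def classify(line: str, client_ip: str, server_ip: str) -> Optional[DataConnection]:
    """Return the data connection implied by one control-channel line, or None."""
    m = PORT_RE.match(line)
    if m:
        host, port = _decode(m.groups())
        # Active mode: the server connects from ftp-data (20) to the client's port.
        return DataConnection("active", "server", server_ip, host, port, host == client_ip)
    m = PASV_RE.match(line)
    if m:
        host, port = _decode(m.groups())
        # Passive mode: the client connects to the server's announced high port.
        return DataConnection("passive", "client", client_ip, host, port, host == server_ip)
    return None


def firewall_verdict(conn: DataConnection, allow_port_data: bool = True,
                     allow_pasv_data: bool = True) -> str:
    """Toy policy named after the two FW-1 toggles in the thread.
    The decision logic is this example's assumption, not FW-1's."""
    if not conn.host_matches:
        return "reject: tried to open other host port"
    if conn.mode == "active" and not allow_port_data:
        return "drop: active data connection not permitted"
    if conn.mode == "passive" and not allow_pasv_data:
        return "drop: passive data connection not permitted"
    return f"accept {conn.src} -> {conn.dst_host}:{conn.dst_port}"


# Constructed sample control-channel lines and addresses (not from the thread's logs).
CLIENT, SERVER = "192.168.1.10", "10.0.0.5"
SAMPLES = [
    "PORT 192,168,1,10,16,217",                       # active: client offers port 4313
    "227 Entering Passive Mode (10,0,0,5,207,162)",   # passive: server offers port 53154
    "227 Entering Passive Mode (10,0,0,99,207,162)",  # passive, but a different host
    "USER anonymous",                                 # no data connection implied
]

if __name__ == "__main__":
    for line in SAMPLES:
        conn = classify(line, CLIENT, SERVER)
        if conn is None:
            print(f"{line!r}: no data connection")
            continue
        print(f"{line!r}: {conn.mode}, {conn.opener} opens -> "
              f"{conn.dst_host}:{conn.dst_port}; "
              f"PASV on: {firewall_verdict(conn)}; "
              f"PASV off: {firewall_verdict(conn, allow_pasv_data=False)}")
```

The two directions are the thing to keep in mind when reading the logs: in active mode the server opens the data connection from ftp-data (port 20) toward a high port on the client, and in passive mode the client opens one toward a high port on the server. A stateful firewall only lets either through if it has read the PORT command or the 227 reply on the control channel and opened a matching pinhole; if it has not, the data connection hits the last rule as an unrelated connection.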
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 10:22 AM
To: [EMAIL PROTECTED]
Subject: [FW1] ftp problem
Greetings,
I have FW-1 ver 4.0 and 4.1 on NT machines. I was on Oracle's tech web site http://technet.oracle.com/ to download some software. The web site takes you to a page which has a link to their ftp site. When I click on that link I get a read error. I checked the FW logs and it showed that a packet was rejected by rule 0 from the ftp server to the client machine. In the info section of the log it stated the reason: tried to open other host port.
Now I had been downloading stuff from Oracle for a month with no problems until last week. Then this happened on my FW (ver 4.0), and I just set up a new FW (ver 4.1) and I have the same problem. Anyone know what this problem is and how to fix it?
Thank you,
Joe
I'm using IE and Netscape to download from Oracle on both Windows and Linux machines.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================