I had the same problem on 4.0; it took me about two weeks to figure it out,
with no help from Checkpoint, big surprise. What is happening is this: FTP
uses two ports, data and control. During large FTPs nothing goes across the
control port since all the work is being done on the data port. So the
firewall times out the control port since nothing has gone across it. When
the last packet is sent to the FTP server, the server needs to send a 226
transfer completed across the control port, but the hole in the firewall has
since been closed, so the client does not receive it and reports a failure.
We verified this by sniffing both sides of the firewall during a large
transfer. The solution is to tell the firewall to leave the control port
open longer. There may be a different solution for this, but here is how I
did it in 4.0; it may work with 2000 also:


Under $FWDIR/lib there is a file called user.def

Add this line to that file
#define FTP_CONTROL_TIMEOUT 7140

In my file this is the third line. I am not sure, but I do not think
placement of the line is an issue. 7140 is the number of seconds the control
port (21) is left open. It is my understanding that anything over 2 hours
gets complicated, so I set mine to 1 hour 59 minutes.

Let me know if this works.

Bryan 
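
Added example, not part of Bryan's message and not Check Point code: a small Python check that compares control-channel (port 21) events captured on each side of a firewall and reports whether a missing 226 reply is explained by the idle timeout. The event records, function names, file name and the 3600-second timeout are assumptions made for the illustration; only 7140 comes from the message above.

```python
from dataclasses import dataclass

@dataclass
class Event:
    t: int        # seconds since capture start
    src: str      # "client" or "server"
    line: str     # FTP control-channel (port 21) line

def reply_code(ev):
    """3-digit FTP reply code of a server line, else None."""
    if ev.src == "server" and ev.line[:3].isdigit():
        return int(ev.line[:3])
    return None

def idle_before(events, code):
    """Seconds of control-channel silence before the first reply `code`."""
    prev = None
    for ev in sorted(events, key=lambda e: e.t):
        if reply_code(ev) == code:
            return 0 if prev is None else ev.t - prev.t
        prev = ev
    return None  # that reply never appears in this capture

def diagnose(client_side, server_side, idle_timeout):
    """Compare control-channel captures taken on each side of the firewall."""
    gap = idle_before(server_side, 226)
    if gap is None:
        return "server never sent 226"
    if any(reply_code(e) == 226 for e in client_side):
        return "226 delivered"
    if gap > idle_timeout:
        return "226 lost after %d s idle: control connection timed out" % gap
    return "226 lost after %d s idle: below timeout, look elsewhere" % gap

# Constructed captures (not from the post): a transfer whose data phase
# keeps the control channel silent for 4000 seconds.
SERVER_SIDE = [
    Event(10, "client", "RETR big.bin"),
    Event(12, "server", "150 Opening data connection"),
    Event(4012, "server", "226 Transfer complete"),
]
CLIENT_SIDE = SERVER_SIDE[:2]   # the 226 never reaches the client

if __name__ == "__main__":
    # 3600 is an assumed pre-change idle timeout; 7140 is the post's value.
    for timeout in (3600, 7140):
        print(timeout, "->", diagnose(CLIENT_SIDE, SERVER_SIDE, timeout))
```

A 4000-second silence exceeds the assumed 3600-second timeout, so the lost 226 is attributed to the firewall; measured against 7140 seconds the same gap would not be, which is the effect of raising the value.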





From: Sam Ghannadi [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 02, 2000 10:10 AM
To: 'fw-1-mailinglis'
Subject: [FW1] FTP and large file size



Hi everybody:

We have FW1 CP2000, SP2 on NT4.0 SP6. When our users try to FTP to
some locations, if the size of the file is over 30 or 40 MB (it only happens
with large files), the session will not close but the FTP is done, and
sometimes FTP does not work on large files at all.
This problem also existed before upgrading, with FW 4.0, and upgrading did not
fix it.
Any ideas will be appreciated.

Thanks

Sam Ghannadi



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

