Title: ftp problemsas far as I know - if you use both these checkpoint solutions and apply both of them together, should fix the problem - let me know if it does
Solution: FTP to specific servers fails (10043.0.7772541.2711982)
Edit the $FWDIR/lib/base.def file to allow FTP headers without "\r\n": 1. Stop FireWall-1 (fwstop) 2. Edit the /$FWDIR/lib/base.def 3. Mark out the following line: #define FTP_ENFORCE_NL to: //#define FTP_ENFORCE_NL 4. Start FireWall-1 (fwstart) 5. Re-install the policy Note for Solutions to other problems arising from an upgrade to FireWall-1 4.0 SP6, see FTP to some servers fails <solutionarea.asp?id=10043%2E0%2E7802303%2E2713413>
Problem Description
FTP to specific servers fails
See the problem environment. <solutionarea.asp?togglefacts=1&id=74ef36ae-8786-11d4-bce3-080020cf9075&resource=>
See the cause. <solutionarea.asp?togglecause=1&id=74ef36ae-8786-11d4-bce3-080020cf9075&resource=>
See changes that affect this problem. <solutionarea.asp?togglechange=1&id=74ef36ae-8786-11d4-bce3-080020cf9075&resource=>
Comment on this Solution <JavaScript: startnow();>
Copyright �1996-2000 Primus Knowledge Solutions, Inc. All Rights Reserved. Solution Content Copyright �2000 Check Point Software Technologies Inc. All Rights Reserved.
Solution: FTP to some servers fails (10043.0.7772541.2711982)
Edit the /$FWDIR/lib/base.def file to allow this behavior: 1. Stop the FireWall (fwstop) 2. Edit the $FWDIR/lib/base.def: Change it from: #define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>) // // Use this if you do not want the FireWall module to insist on a newline at the // end of the PORT command: // #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>) To: //#define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>) // // Use this if you do not want the FireWall module to insist on a newline at the // end of the PORT command: #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>) (The change is to comment the first line, and uncomment the last one) 3. Start the FireWall (fwstart) 4. Re-install the policy Note- for Solutions to other problems arising from an upgrade to FireWall-1 4.0 SP6, see FTP to specific servers fails <solutionarea.asp?id=10043%2E0%2E7772541%2E2711982>
Problem Description
FTP to some servers fails
See the problem environment. <solutionarea.asp?togglefacts=1&id=bba89c20-8786-11d4-bce3-080020cf9075&resource=>
See the cause. <solutionarea.asp?togglecause=1&id=bba89c20-8786-11d4-bce3-080020cf9075&resource=>
See changes that affect this problem. <solutionarea.asp?togglechange=1&id=bba89c20-8786-11d4-bce3-080020cf9075&resource=>
Comment on this Solution <JavaScript: startnow();>
Copyright �1996-2000 Primus Knowledge Solutions, Inc. All Rights Reserved.
Solution Content Copyright �2000 Check Point Software Technologi
andrewInternet Security Engineer (CCA,CCSA,CCSE,CCNA)
Gigabytes Inc.
Tel: (510) 440-8032
Fax: (877) 295-3969 (toll free)
Cel: (510) 220-1343
Does
anyone know the reason these Checkpoint solutions have you fwstop before making
the changes?? I would like to be able to edit base.def and then fwstop;fwstart,
creating the shortest down time for our users.
When I
did it their way, I kept checking the base.def at each step and can't figure out
why I needed to fwstop first.
Thanks
for the enlightenment!
Joe
Joe
