I just had the same problem but it was related to the WS_FTP Server. It
doesn't send a newline after a port command and Checkpoint 4.1 doesn't allow
this. If you edit that same line it will work. Here is a knowledge base
article that I found in regards to the problem but it is specific to
WS_FTP's Server Product...Maybe that's what Oracle Uses....Check here for
specifics http://support.ipswitch.com/kb/FS-20001102-DM01.htm
__________________________________
Gino Pietro Guidi
Network Engineer
@The Costar Group/COMPS
[EMAIL PROTECTED]
858.831.7155
-----Original Message-----
From: Pires, Michael [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 29, 2001 10:37 AM
To: 'Thomas Holmstrom'; Pires, Michael;
[EMAIL PROTECTED]
Subject: RE: [FW1] ftp problems to oracle
I know the problem (A sniffer shows all) Its the banner oracle uses on that
site is big and fragments across three packets which the firewall doesent
accept. If you rem this line #define FTP_ENFORCE_NL in base.def and push the
policy than all works and by-passes the security check. However this is a
temporary fix just to get the patch I think Oracle should change their
useless banner or move it to after you have logged in.
-----Original Message-----
From: Thomas Holmstrom [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 29, 2001 1:08 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [FW1] ftp problems to oracle
We've also seen this problem and we're running Checkpoint 4.1 SP3. A
colleague of mine who operates a Checkpoint protected network was having the
same issue with the oracle ftp site. Some users have reported the same thing
happening to them from home, although most could access it fine. After some
users reported problems from home, we chalked it up to an issue with the
Oracle FTP site and asked the developer who was requesting to get to that
site call Oracle. I'm not sure if he ever did. I'd be interested to hear if
anyone else has more information on this, but I'd be surprised if the
problem was a Checkpoint issue, since we've been able to ftp to hundreds of
other sites just fine.
>From: "Pires, Michael" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'"
><[EMAIL PROTECTED]>
>Subject: [FW1] ftp problems to oracle
>Date: Thu, 29 Mar 2001 10:47:44 -0500
>
>
>
>We are running checkpoint 4.0 Build 4156 and when we try and ftp to
>oracle-ftp.oracle.com the client (or firewalls) send a RST packet but if we
>try and ftp to ftp.oracle.com it works. The only difference we see (in the
>sniffer) is that the one that works gets a FTP server ready and the one
>that
>doesent work try to display a banner which overflows against three packets
>and a RST is sent. Is checkpoint looking for a FTP server ready?
>
>Any has resolved this issue before?
>
>Thanks
>
>_______________________________________
>Michael
>
>
>
>===========================================================================
=====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>===========================================================================
=====
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
