Don,

If your firewall folks just recently upgraded the firewall, it could be that the upgrade "defaulted", or reset some configuration settings. For FTPS, the firewall cannot do what's referred to as "stateful checking". I know ours does that, and if it does that on the control connection (and/or data connection), you will see the error you've been getting.

On another note, someone mentioned earlier in the thread about PCI-DSS and its requirements for NATing, but also asked about what PCI-DSS means by "public network". PCI-DSS uses that term to indicate any network where someone from outside your company might gain access to your internal network, and be able to access the credit/debit card information, as in the case of a company setting up a wireless network. In the wireless network example, that initially means setting up firewalls between that wireless router and the systems that process the credit/debit transactions.

Also, I believe someone mentioned that PCI-DSS requires that the credit card information (i.e. PAN) be encrypted inflight. Unless I'm mistaken, PCI-DSS only deals with data at rest (i.e. in databases, or flat files). Encryption of this data inflight is not part of the PCI-DSS standard, yet. If it were, then some of the breaches in recent times, where transactions were caught inflight, even while a company may have passed a PCI audit, should not have happened. If PCI-DSS does require the PAN to be encrypted, it would also have to require that the track-2 data also be encrypted.

Peter