Check Point community forum
February 07, 2012, 09:49:12 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
  Home   Forum   Help Search Login Register   **
Search
User
Welcome, Guest. Please login or register.
Did you miss your activation email?
February 07, 2012, 09:49:12 PM

Login with username, password and session length
Articles
Check Point community forum > Forum > Perimeter security > Firewall-1 > FTP download issues
Pages: [1]
« previous next »
  Print  
Author Topic: FTP download issues  (Read 1112 times)
rockysam39
Newbie
*
Posts: 16
« on: July 11, 2008, 01:02:11 PM »


We are facing this issue since last few months. When we try to download any drivers from the Dell or HP websites , the download is getting re-directed to one of their FTP sites and then the download fails with either 'Page cannot be displayed' error or continues to try opening the page for eternity...
When I check the logs on the firewall ( SmartView Tracker ) I see all the FTP traffic from the source machine is passing the Firewall, and not dropped/rejected (not even by the Smartdefense). However , veryfew packets are getting dropped. One such log detail is as follows:-



Number:         177797
Date:               5Jul2008
Time:              5:40:36
Product:          VPN-1 Power/UTM
Interface:        eth1
Origin:            INITC_FW_01
Type:              Log
Action:            Drop
Protocol:         tcp
Service:          ftp (21)
Source:           10.108.8.32
Destination:    pla-ftp.nai.com (216.143.70.11)
Source Port:   1697
Information:    TCP packet out of state: First packet isn't SYN
                       tcp_flags: ACK
Policy Info:     Policy Name: INITC_FW_01-20071108-DH
                       Created at: Fri Jul 04 13:44:14 2008
                       Installed from: SmartCenter-1
The Firewall rule for Internet is set to allow FTP traffic.
I have tried to check for logs of traffic coming from these FTP sites (i.e., inbound ftp traffic ) but I dont see any traffic at all.

I'm trying to figure out if there is any blockage on the Firewall or not, though I believe there is none.

Can anyone help me with any ideas to research this from the Firewall end or a better way to analyze these traffic?
Is there anything else I may check to see if the FTP download is getting blocked by the Firewall or Smartdefense.
Logged
juve
Administrator
Jr. Member
*****
Posts: 92
« Reply #1 on: July 11, 2008, 03:32:46 PM »
You can try to disable state checking for ftp by adding the following in the user.def file :

deffunc user_accept_non_syn() {
( /* allow ftp connections to start with a non-SYN packet */
(dport=21, sport=21) or 0
)
};


Do other ftp connections work or not?
Logged
rockysam39
Newbie
*
Posts: 16
« Reply #2 on: July 16, 2008, 10:34:12 AM »
Thanks for the suggestion Juve.
This might sound silly but I dont seem to be able to find the user.def file

Can you please let me know the path for this file?
Logged
juve
Administrator
Jr. Member
*****
Posts: 92
« Reply #3 on: July 16, 2008, 11:41:02 AM »
Hi,

The file is located in $FWDIR/lib

Normally, you can make the change on the management server and push the policy to the firewall afterwards.
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Recent
Check Point Acquires Data...
by prashant.ptkr
[December 20, 2011, 07:35:00 AM]
Job Opportunities in Melb...
by eujinn
[August 11, 2011, 07:07:19 AM]
Navigation
Stats
Members
Total Members: 226
Latest: mkouzuma
Stats
Total Posts: 183
Total Topics: 76
Online Today: 10
Online Ever: 21
(February 06, 2009, 02:31:43 PM)
Users Online
Users: 0
Guests: 13
Total: 13
Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
TinyPortal v0.9.8 © Bloc 		Valid XHTML 1.0! Valid CSS!