2006-08-03
bvanniekerk
Re: FTP - CheckPoint 4.1

Hi

I'm also having issues with FTP on 4.1.
Large FTPs do not seem to be going through successfully from Mainframe.
Seen the mainframe trace, not seeing keep-alive. Also, seeing ACK PSH FIN in last packet before error pops up on green screen.

I've been looking around and found "new line entry" checking.
Apparently, the Client is sending FIN in packet that should be in new line and not data connection.
Workaround is to set FTP keepalive packets on Mainframe or hashing out "n l e" ...

FTP Client fails with message EZA2590E getNextReply error from recv = (1121.76650446) - EDC8121I Connection reset after applying PQ45544

Cause
The above message indicates a Reset was received on the FTP control connection. This causes the connection to end; the above error message is issued when the FTP client tries to read a reply from the FTP server indicating if the FTP transfer worked.
PQ45544 enhances the FTP client to turn on Keepalive support on the FTP control connection. This causes the TCP layer to send a one-byte packet to the remote TCP stack when the connection has been idle for a certain period of time. Certain firewalls do not allow TCP packets on the FTP control connection to be sent unless they end with ASCII CRLF (Carriage Return Line Feed) NL (new line). These firewalls respond with a Reset to the Keepalive packet that is sent. In particular, this problem has been seen with firewalls from Check Point (tm) Software Technologies LTD configured with #define FTP_ENFORCE_NL in the $FWDIR/lib/base.def file.

Solution
Removing the #define FTP_ENFORCE_NL definition from the $FWDIR/lib/base.def file on the firewall allows the Keepalive packet to pass through. Another possible circumvention is to code an FTPKEEPALIVE value in the FTP.DATA file for the client that is longer than the amount of time the FTP transfer will run.

See if this works for you.
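The failure described in the post above can be modelled in a few lines. This is an added example, not code from the original post, IBM or Check Point: the function names, the sample control-connection segments, the keepalive byte value and the use of seconds are all constructed assumptions, and the check is a simplified model of a newline-enforcing rule, not the firewall's actual implementation.

```python
# Model: a firewall that resets any FTP control-connection segment whose
# payload does not end in a newline, and the effect of the two workarounds
# quoted above (disable the check, or lengthen the keepalive interval).

def passes_newline_check(payload: bytes) -> bool:
    """True if the segment would satisfy a newline-enforcing check.

    Assumption: segments with no payload (pure ACK/FIN) are not inspected.
    """
    if not payload:
        return True
    return payload.endswith(b"\n")


def control_segments(transfer_secs: int, keepalive_secs: int):
    """Constructed control-connection traffic for one long transfer.

    The control connection is idle while the data connection runs, so the
    client emits a one-byte keepalive probe every keepalive_secs until the
    transfer finishes.
    """
    segs = [
        (0, "STOR command", b"STOR BIG.DATA\r\n"),
        (0, "150 reply", b"150 Opening data connection\r\n"),
    ]
    t = keepalive_secs
    while keepalive_secs > 0 and t < transfer_secs:
        segs.append((t, "keepalive probe", b"\x00"))  # constructed byte value
        t += keepalive_secs
    segs.append((transfer_secs, "226 reply", b"226 Transfer complete\r\n"))
    return segs


def first_reset(segs, enforce_nl: bool = True):
    """Return (time, description) of the first segment that draws a Reset,
    or None if the whole exchange passes."""
    if not enforce_nl:
        return None
    for t, desc, payload in segs:
        if not passes_newline_check(payload):
            return (t, desc)
    return None


if __name__ == "__main__":
    # One-hour transfer, probe every 10 minutes, check enabled: reset at 600 s.
    print(first_reset(control_segments(3600, 600)))
    # Keepalive longer than the transfer: no probe is ever sent.
    print(first_reset(control_segments(3600, 7200)))
    # Check disabled on the firewall: probes pass.
    print(first_reset(control_segments(3600, 600), enforce_nl=False))
```

In a real capture the same test applies: look for a control-connection segment whose payload does not end in a newline immediately before the Reset.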