CPUG

The Check Point User Group

#1
2007-05-25
K2Technologies
SD stopping Secure FTP

The accounting dept at our company uses Secure FTP with Wells Fargo to transfer data for our 401k program. Their system uses ports 3000-3200 for the connection and SmartDefense is killing the connection and giving the following (vague) log entry.

What do I need to do to get SD to accept Sec FTP over the non-standard ports?

Number: 48603
Date: 25May2007
Time: 16:55:11
Product: SmartDefense
Interface: eth2
Origin: Cheyenne (172.24.1.15)
Type: Log
Action: Drop
Protocol: tcp
Service: https (443)
Source: 172.16.1.133
Destination: wellsfargo.com (209.84.206.42)
Source Port: 2904

#2
2007-05-26
munrog
Re: SD stopping Secure FTP

It's going to be hard to see why the packets are being dropped because there isn't much information here. Is this all the information on the SmartDefense alert? Is there anything in the "Attack Name" or "Attack information" or the "Information" fields?

I had something similar, but in my case, some bozo had changed the https service advanced properties, protocol type to HTTP from ENC-HTTP.

Took me absolutely ages to find it!

#3
2007-05-26
RayPesek
Re: SD stopping Secure FTP

Quote (originally posted by K2Technologies):
> Their system uses ports 3000-3200 for the connection and SmartDefense is killing the connection and giving the following (vague) log entry.
> ...
> Service: https (443)

Doesn't the log entry show they are trying to connect to Wells Fargo on TCP 443, not 3000-3200?

Ray
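
The two checks raised in the replies above, run against the log record from the first post, as an added example (not code from the thread or from Check Point): it compares the port in the Service field with the 3000-3200 range the poster expected and lists which of the detail fields are absent. The function names and the `Field: value` text layout of the export are assumptions of this example.

```python
import re
# Constructed sample: the record from post #1, field for field.
SAMPLE = """\
Number: 48603
Date: 25May2007
Time: 16:55:11
Product: SmartDefense
Interface: eth2
Origin: Cheyenne (172.24.1.15)
Type: Log
Action: Drop
Protocol: tcp
Service: https (443)
Source: 172.16.1.133
Destination: wellsfargo.com (209.84.206.42)
Source Port: 2904
"""
DETAIL_FIELDS = ("Attack Name", "Attack information", "Information")  # from reply #2

def parse_record(text):
    """Split 'Field: value' lines into a dict, splitting on the first colon only."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            record[key.strip()] = value.strip()
    return record

def service_port(record):
    """Destination port from 'Service: name (port)' or 'Service: port', else None."""
    m = re.search(r"\((\d+)\)\s*$|^(\d+)$", record.get("Service", ""))
    return int(m.group(1) or m.group(2)) if m else None

def triage(record, expected_ports):
    """Findings to settle before changing any SmartDefense setting."""
    findings = []
    port = service_port(record)
    if port is None:
        findings.append("no destination port in Service field")
    elif port not in expected_ports:
        findings.append(f"dropped connection is to port {port}, outside expected "
                        f"{expected_ports.start}-{expected_ports.stop - 1}")
    # Field names are compared case-insensitively; empty values count as absent.
    present = {k.lower() for k, v in record.items() if v}
    missing = [f for f in DETAIL_FIELDS if f.lower() not in present]
    if missing:
        findings.append("missing detail fields: " + ", ".join(missing))
    return findings

if __name__ == "__main__": print(*triage(parse_record(SAMPLE), range(3000, 3201)), sep="\n")
```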