CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 3 of 3

Thread: FTP on Higher ports

  1. #1
    Join Date
    2006-03-14
    Posts
    391
    Rep Power
    15

    Default FTP on Higher ports

    I have a FTP server running on Windows on port TCP/2121.

    When I perform a FTP from a DMZ host to this internal host on port 2121, the first connection on TCP/2121 is successfull. But the secondary connection (data connection) is getting dropped. I think the firewal is not dynamically opening the data port for this ftp session. How can I rectify this?

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    15

    Default Re: FTP on Higher ports

    Quote Originally Posted by avilT View Post
    I have a FTP server running on Windows on port TCP/2121.

    When I perform a FTP from a DMZ host to this internal host on port 2121, the first connection on TCP/2121 is successfull. But the secondary connection (data connection) is getting dropped. I think the firewal is not dynamically opening the data port for this ftp session. How can I rectify this?
    Create a new TCP service called ftp2121 and set the port number to 2121. On the Advanced Properties for the service set the Protocol Type to FTP and check the box "Match for Any". This will tell the firewall to watch for PORT commands inside the port 2121 control connection so it can dynamically open the necessary data ports.

  3. #3
    Join Date
    2007-12-04
    Location
    Montreal
    Posts
    21
    Rep Power
    0

    Default Re: FTP on Higher ports

    yep, you are associating the ftp data pre-definition to another tcp service port... works

Similar Threads

  1. Ugrading Issues of R71.10 to any higher verison
    By Lurker69 in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 0
    Last Post: 2012-02-23, 10:28
  2. Ports to allow
    By nandu1082 in forum Miscellaneous
    Replies: 1
    Last Post: 2009-04-30, 08:41
  3. SmartDefense and blocking FTP "known ports"
    By cciesec2006 in forum IPS Blade (Formerly SmartDefense)
    Replies: 1
    Last Post: 2007-09-05, 11:28
  4. Why Won't the FTP Security Server Let Me Use Certain FTP Commands?
    By roadrunner in forum Content Security/Security Servers/CVP/UFP
    Replies: 0
    Last Post: 2005-08-13, 15:31
  5. FTP on Non-standard Ports
    By Barry J. Stiefel in forum Services (TCP, UDP, ICMP, etc.)
    Replies: 0
    Last Post: 2005-08-13, 13:42

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •