CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 4 of 4

Thread: Firewall Gateway Intercepts FTP Sessions

  1. #1
    Join Date
    2013-01-06
    Posts
    7
    Rep Power
    0

    Default Firewall Gateway Intercepts FTP Sessions

    Hi,

    I have the following issue. Firewall gateway pair running Cluster XL, seems to intercept ftp authentication requests. This appears to be like the older user auth features around in older version of Check Point. However, there's no such authentication configured at all.

    I've seen the following sk article which suggests that some legacy user auth might still be in place.

    https://supportcenter.checkpoint.com...tionid=sk40173

    I was just wondering whether anyone else has experienced this issue and whether what's in the sk article resolved the issue.

    Thanks.

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,251
    Rep Power
    14

    Default Re: Firewall Gateway Intercepts FTP Sessions

    Try unchecking IPS on the gateway/cluster object, reinstall policy and try again. My guess is some kind of IPS signature is causing this behavior, if FTP is no longer being intercepted after that change recheck the IPS box and start disabling any IPS signatures having to do with FTP.

  3. #3
    Join Date
    2013-01-06
    Posts
    7
    Rep Power
    0

    Default Re: Firewall Gateway Intercepts FTP Sessions

    Hi thanks for the reply,

    There's no IPS enabled on the gateway and there's no profiles applied to any gateways.

    The sk article suggested commenting out the lines relavant to ftp security server in the fwauthd.conf file. Interested to know whether you or anyone else has tried this in these circumstances.

    Thanks.

  4. #4
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,251
    Rep Power
    14

    Default Re: Firewall Gateway Intercepts FTP Sessions

    Quote Originally Posted by achauhan View Post
    Hi thanks for the reply,

    There's no IPS enabled on the gateway and there's no profiles applied to any gateways.

    The sk article suggested commenting out the lines relavant to ftp security server in the fwauthd.conf file. Interested to know whether you or anyone else has tried this in these circumstances.

    Thanks.
    Commenting them out will probably work and is safe, but I'd still recommend trying to find what in your config is making it do that and remove it instead, do you have any resources defined at all under Manage...Resources? If you do delete them, I've seen the mere presence of resource objects cause wacky behavior with the newer App Control/URL filtering even though said resources were not used at all in the policy.

Similar Threads

  1. FTP over SSL fails with VPN-1/FireWall-1
    By Barry J. Stiefel in forum Services (TCP, UDP, ICMP, etc.)
    Replies: 20
    Last Post: 2014-01-29, 10:59
  2. Firewall changes ftp user name
    By koshan in forum Firewall Blade
    Replies: 2
    Last Post: 2013-03-01, 07:10
  3. Firewall changes FTP filename?
    By Reaper in forum Miscellaneous
    Replies: 12
    Last Post: 2009-08-07, 09:57
  4. Replies: 3
    Last Post: 2006-06-09, 07:18
  5. FTP Redirected URLs, FireWall-1 and MSIE 4.0
    By Barry J. Stiefel in forum Content Security/Security Servers/CVP/UFP
    Replies: 0
    Last Post: 2005-08-13, 13:43

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •