Hello
I have a problem with a Check Point FW.
I have set up an FTP server in my DMZ and added an FTP rule in my FW, but clients have problems in some cases:
- connection: OK
- login / password: OK
- data exchange in PORT mode: all is OK.
- if a client tries to switch to PASV mode, the FW cuts the connection when the server replies to PASV
The log on the FW is from the "SmartDefense" module:
- Attack name : FTP Bounce
- Attack Info : IP adress mismatch in PORT/227 command - header IP different from command IP
- service : ftp (21)
- source : X.X.X.X
- target : X.X.X.X
"source" is the IP of the FTP client (on the Internet); "target" is the public IP address of my FTP server.
When I check the logs on my FTP client and server:
- last line on client before disconnect is: "PASV"
- last line on server is "227 Entering Passive Mode (x,x,x,x,215,36)" (x.x.x.x is the public IP of my FTP server; the port is in the correct range)
If I uncheck "FTP Bounce protection" in the SmartDefense module, the problem goes away, so I think that all the rules are fine and the right ports are open... it's just this damned SmartDefense problem.
Does anyone have an idea about this? Is it possible to correct something? If possible, I'd prefer to reactivate this protection.
Sorry for my English, I don't use it very often. Thanks in advance.
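
The comparison named in the log entry above ("header IP different from command IP"), as an added example that is not part of the original post and is not Check Point's code: it parses the address tuple from a 227 reply or PORT command and compares it with the source address of the packet that carried it. The addresses are constructed (203.0.113.10 as the server's public IP, 192.168.10.5 as a hypothetical private DMZ address that the firewall would see if it inspects the reply before NAT).

```python
import ipaddress
import re

# Address tuple h1,h2,h3,h4,p1,p2 inside a 227 reply or after a PORT command.
_TUPLE = re.compile(
    r"\((\d{1,3}(?:,\d{1,3}){5})\)|^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$",
    re.IGNORECASE,
)


def parse_endpoint(line):
    """Return (IPv4Address, port) advertised by a 227 reply or PORT command."""
    m = _TUPLE.search(line.strip())
    if not m:
        raise ValueError("no address tuple in: %r" % line)
    nums = [int(n) for n in (m.group(1) or m.group(2)).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in: %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The data port is encoded as two bytes: p1 * 256 + p2.
    return ip, nums[4] * 256 + nums[5]


def bounce_check(header_src_ip, line):
    """Compare the IP inside the command with the IP header source address."""
    cmd_ip, port = parse_endpoint(line)
    header_ip = ipaddress.IPv4Address(header_src_ip)
    return {
        "command_ip": str(cmd_ip),
        "header_ip": str(header_ip),
        "port": port,
        "mismatch": cmd_ip != header_ip,
    }


# Constructed sample reply, same shape as the server log line in the post.
REPLY = "227 Entering Passive Mode (203,0,113,10,215,36)"

if __name__ == "__main__":
    # Constructed header addresses: private DMZ address vs. public address.
    for label, src in (("pre-NAT header ", "192.168.10.5"),
                       ("post-NAT header", "203.0.113.10")):
        print(label, bounce_check(src, REPLY))
```

Comparing the tuple in the server's 227 line with the address the server's packets actually carry at the firewall's DMZ interface (from a packet capture) shows whether this comparison can succeed with the protection enabled.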