Checkpoint vs FTP/PASV


I have a pb with a checkpoint FW

i have set up a FTP server on my DMZ, added a rule FTP in my FW,but clients have pb in some cases

- connexion : ok

- login / password : ok

- data exchange in PORT mode : all is ok.

- if a client try to switch to PASV mode ..the FW cut the connexion when the server reply to PASV

the log on the FW is from to the "SmartDefense" module :

  • Attack name : FTP Bounce
  • Attack Info : IP adress mismatch in PORT/227 command - header IP
  • different from command IP
  • service : ftp (21)
  • source : X.X.X.X
  • target : X.X.X.X

"source" is the IP of ftp client ( on internet ) "target" id the public IP adress of my FTP server

When i check log on my fTP client and server :

- last line on client before disconnect is: "PASV"

- last line on server is "227 Entering Passive Mode (x,x,x,x,215,36) " ( x.x.x.x is public IP of my FTP server, port is in the good range )

If i uncheck the "FTP Bounce protection" in the SMARTDEFENSE module, no more pb, so i think that all rules are fine, good port are open ..just this damned smartdefense pb.

anyone have i idea on this ? is it possible to correct something ? if possible, i'd prefer to reactivate this protection.

Sorry for my english ..i don't use it very often. Thanks in advance

Reply to
Loading thread data ...

Is this connection to your FTP server being NATed per chance? I could understand the problem if thats the case.

Reply to

SmartDefense doesn't like that my FTP put is public adresse in the PASV answer while it is in my DMZ with a private IP, it need that the FT Panswer with its private adresse and the CheckPoint swap private / public IP while PASV answer go across the FW.

Reply to

Thanks for the follow-up. I was wondering what it could be.

Take care,


Reply to
JJ Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.