Home page logo
/

basics logo Security Basics mailing list archives

RE: Checkpoint Firewall denying Explicit SSL
From: "TVB NOC" <tvbnoc () temeculavalleybank com>
Date: Fri, 7 Dec 2007 12:56:29 -0800

Check your smart defense settings, not sure exactly the area, but
somewhere in your settings I believe you will find FTP and SSL related
configurations. 

There is another area too, but I can not remember without looking at the
dashboard... Sorry!!!  

I will also see if I can locate your article too... 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Rob Thompson
Sent: Friday, December 07, 2007 12:40 PM
To: <
Subject: Checkpoint Firewall denying Explicit SSL

Hello list,

I hope that this is an okay place to post this thread.  I am really
not sure where else to go and I feel it'll be more productive than
trying to call Checkpoint.

I am running into a problem where I have a Checkpoint firewall that I
am being blocked by.  (It's our firewall that's doing the blocking...
Funny huh?)

I am attempting to connect to an Explicit SSL FTP server.  (Why
explicit???  Beats me, not nearly as secure as Implicit SSL.)

When I connect, the initial connection occurs fine and I am receiving
the initial response from the server that I am connecting to.  The
problem is the data connect is not being allowed out of my network.

I have done a little bit of research on this and found that there is a
bug with Checkpoint firewalls and SSL via FTP.  I was referred to
"Checkpoint support article sk9930" by a site that I Blackled.

Here's the problem, I can't find this article.  I tried to locate it
via Checkpoints site and either this article is too old and is no
longer posted or...well I can never really find anything through that
company...  Their site is, IMO, a true cluster....  Blackle/Yahoo - is
coming up with nothing.

Newho - is there anyone out there that has or can point me to a site
that has article SK9930?  I really would like to be able to help fix
this problem without having to call Checkpoint out here to fix a known
bad problem in their device.  Not to mention the hassle of trying to
even deal with them.

I'm sorry that this e-mail is so vague, I included what I think is
pertinent.  If you need further information, I will do my best to
provide what I can.

Thank you in advance for any help that can be provided...

-- 
Rob


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault