Posted by jorain on March 21, 2005, 11:52 am
Last week we experienced a problem which we found to be caused by an
automatic update of our Checkpoint VPN-1 Edge X's firmware.
It was factory-loaded as:
Firmware Version 4.5.39x
Hardware Type SBox-200
Hardware Version 1.0
Installed Product VPN-1 Edge X (Unlimited nodes)
One morning we received the news that all our remote employees were no
longer able to connect to a proprietary 3rd party Voxco-server at the
office.
After some packet sniffing in a recreated environment we found that
this software simply failed at transferring data by passive FTP to the
Voxco-server.
The firewall-rules seemed correct and unaltered.
When we tried to connect from an identical 'remote' client-laptop to
our own ftp-servers (IIS and FreeBSD) both passive and active
connections worked without a problem. Only connecting (passv) to that
specific server failed.
Now the tricky bit: using the same Voxco-client software from within
the LAN posed no problem. So it was not just a problem with that
service!
After quite a bit of systematic troubleshooting, we noticed that the
firmware of our Checkpoint VPN-1 Edge X had been automatically
upgraded to a 5-series firmware.
We did a factory-reset, recreated the exact same firewall rules, and
the problem was gone.
Just to be sure we recreated the problem by upgrading it once more.
And the problem re-appeared.
Conclusion: as soon as we upgrade our device to the latest firmware,
it blocks some (not all) passive FTP-connections, even though we set up
correct forwarding rules.
-- jorain