Re: Checkpoint Firewall denying Explicit SSL

[ChrisSerafin <chris () chrisserafin com>]

Turn off SmartDefense even if only in monitor mode. I have to do it all 
the time for clients.

Chris Serafin
Security Engineer



Rob Thompson wrote:
> Hello list,
>
> I hope that this is an okay place to post this thread.  I am really
> not sure where else to go and I feel it'll be more productive than
> trying to call Checkpoint.
>
> I am running into a problem where I have a Checkpoint firewall that I
> am being blocked by.  (It's our firewall that's doing the blocking...
> Funny huh?)
>
> I am attempting to connect to an Explicit SSL FTP server.  (Why
> explicit???  Beats me, not nearly as secure as Implicit SSL.)
>
> When I connect, the initial connection occurs fine and I am receiving
> the initial response from the server that I am connecting to.  The
> problem is the data connect is not being allowed out of my network.
>
> I have done a little bit of research on this and found that there is a
> bug with Checkpoint firewalls and SSL via FTP.  I was referred to
> "Checkpoint support article sk9930" by a site that I Blackled.
>
> Here's the problem, I can't find this article.  I tried to locate it
> via Checkpoints site and either this article is too old and is no
> longer posted or...well I can never really find anything through that
> company...  Their site is, IMO, a true cluster....  Blackle/Yahoo - is
> coming up with nothing.
>
> Newho - is there anyone out there that has or can point me to a site
> that has article SK9930?  I really would like to be able to help fix
> this problem without having to call Checkpoint out here to fix a known
> bad problem in their device.  Not to mention the hassle of trying to
> even deal with them.
>
> I'm sorry that this e-mail is so vague, I included what I think is
> pertinent.  If you need further information, I will do my best to
> provide what I can.
>
> Thank you in advance for any help that can be provided...
>
>