SSL and Checkpoint FW

gzwart
Posts: 4
Joined: Tue Oct 26, 2004 2:36 pm


Post by gzwart »

I am behind a Checkpoint Firewall and am using CoreFTP to connect to an FTP server. I can connect using SSH no problem but I cannot connect using SSL. I get this error on CoreFTP:

"34 AUTH Command OK. Initializing SSL connection.
SSL/TLS error - 0, SSL error - 5
SSL Connection not established"

If I look on my Checkpoint logs I see the problem, it drops the packets with the following info: "Port command ended without a new line"
I can get around the problem by changing the FTP service on my firewall from FTP to FTP_BASIC but this has the following drawbacks:

"ftp_basic" DOES NOT perform the following checks implemented in the standard FTP service object:

1) Every packet is terminated with a newline character, so the PORT command is not split across packets. This protects against FTP Bounce attack.

2) Data connections to or from well-known ports are not allowed, to prevent FTP data connection being used to access some other service.

3) Bidirectional traffic on data connection is not allowed, as it can be used improperly.

So... Is there some way of changing the way CoreFTP connects to overcome this problem? I need to allow other companies to connect to my Secure FTP server using CoreFTP but I do not want to allow FTP_Basic connections along with the vulnerabilities above.
Please Help!
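The checks quoted in the post above, sketched as an added example (not part of the original post and not Check Point's code). It runs a simplified version of checks 1 and 2 over constructed control-channel segments, including the first bytes a TLS handshake puts on the wire after `AUTH`, which a plaintext FTP inspector cannot read as a newline-terminated command. The segment contents, the port threshold of 1024 and the reason strings are assumptions made for illustration.

```python
import re

# Constructed client-to-server control-channel segments (not captured traffic).
SEGMENTS = [
    b"USER demo\r\n",
    b"PORT 192,0,2,10,19,137\r\n",            # port 19*256+137 = 5001
    b"PORT 192,0,2,10,0,25\r\n",              # port 25, a well-known port
    b"PORT 192,0,2,10,19",                    # PORT command split across packets
    b"AUTH TLS\r\n",
    b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b",  # start of a TLS handshake record
]

PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n$", re.I)


def inspect(segment):
    """Return (verdict, reason) for one control-channel segment."""
    # Check 1: every packet must end with a newline, so a PORT command
    # cannot be split across packets.
    if not segment.endswith(b"\n"):
        return ("drop", "segment ended without a newline")
    # Check 2: no data connection to a well-known port (assumed here: < 1024).
    if segment[:4].upper() == b"PORT":
        match = PORT_RE.match(segment)
        if not match:
            return ("drop", "malformed PORT command")
        port = int(match.group(5)) * 256 + int(match.group(6))
        if port < 1024:
            return ("drop", f"data connection to well-known port {port}")
    return ("accept", "ok")


def run(segments):
    """Inspect each segment independently, as a per-packet filter would."""
    return [inspect(s) for s in segments]


if __name__ == "__main__":
    for seg, (verdict, reason) in zip(SEGMENTS, run(SEGMENTS)):
        print(f"{verdict:6} {reason:45} {seg!r}")
```

The last segment is rejected by the same newline rule as the split `PORT` command, which is consistent with the drop appearing right after "AUTH Command OK. Initializing SSL connection."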

Post by gzwart »

Hi, sorry for the long delay. I have amended the base.def file as you recommended by commenting out "FTP_ENFORCE_NL". Now the Checkpoint does not drop the FTP connection. When I try the connection the certificate screen comes up and I can accept it, but then I get the following error on Core FTP:
"SSL/TLS error -0 SSL error -1
SSL Connection not established"
I see no errors on my Checkpoint firewall logs and I also see no errors on the Firewall that the Secure FTP server sits behind. (Sonicwall)
I am confident that the SecureFTP server is working correctly as I can use CoreFTP from a dial-up connection with no problems.
Please help
Many thanks in advance.

Post by gzwart »

Are you referring to my Checkpoint build?

Post by gzwart »

Sorry, just realised you meant the CoreFTP build. I have upgraded to 1402 but the problem is still not solved.

Many thanks