tcp ports comedy NOT

From: O'Brien, Pat (Pat.Obrien@choicepoint.com)
Date: Tue Apr 01 2003 - 10:38:36 EST


I have discovered a Check Point firewall bug whereby a reserved list of ports
for one Tru64 box cannot be utilized by another. In other words, I have an
application on a system (system a) which has hardcoded ports identified
inside a firewall zone (zone a). When I FTP from a different system
(system b) in a different firewall zone (zone b) to a third system (system
c) in a third zone (zone c), the return packet is assigned a random port
which by luck happens to be in the port range reserved on system a. Now
system b and c do not have this app, and do not care, but the firewall is
dropping the connection anyway. I am told this is a bug in our current version
of firewall software which is corrected in a more current version. Since
this upgrade is outside of my control, my question is how to disable an
identifiable range of ports to prevent this issue, which occurs most in FTP.
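The collision the post describes, modelled as an added example (this is not code from the original post, and it does not model Check Point's rule engine). A rule that reserves a port range but is keyed on port alone matches every host that happens to use those ports, so an unrelated FTP data connection whose ephemeral port lands in the range is dropped; the same reservation scoped to the host it is meant for lets the flow through. The second half shows the host-side workaround the poster is asking about: keep the ephemeral port range on the other systems clear of the reserved ports, so a randomly chosen port can never collide. Host names, zone names, the reserved range 5000-5100 and the ephemeral port 5042 are all constructed for the demo.

```python
# Added example (not from the original post or from Check Point): a small model
# of a firewall rule that reserves a port range for one host but is keyed on
# port alone, so it also drops unrelated flows, plus the host-side workaround
# of keeping the ephemeral (random) port range clear of the reserved ports.
# Host names, zone names and port numbers below are constructed for the demo.
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_host: str
    src_zone: str
    src_port: int
    dst_host: str
    dst_zone: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    port_lo: int
    port_hi: int
    action: str                 # "drop" or "accept"
    host: Optional[str] = None  # None: applies to every host (the over-broad form)


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """True if the flow touches the rule's port range (and its host, if scoped)."""
    port_hit = (rule.port_lo <= flow.src_port <= rule.port_hi
                or rule.port_lo <= flow.dst_port <= rule.port_hi)
    if not port_hit:
        return False
    if rule.host is None:
        return True
    return rule.host in (flow.src_host, flow.dst_host)


def decide(rules: List[Rule], flow: Flow, default: str = "accept") -> Tuple[str, str]:
    """First-match evaluation; returns (action, name of the rule that fired)."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action, rule.name
    return default, "default"


# Constructed scenario: ports 5000-5100 are reserved for the app on system-a.
RESERVED = (5000, 5100)

# Active-mode FTP data connection from system-c (zone-c, port 20) back to the
# ephemeral port system-b (zone-b) announced in its PORT command. 5042 is a
# constructed ephemeral port that happens to fall inside the reserved range.
FTP_DATA_RETURN = Flow("system-c", "zone-c", 20, "system-b", "zone-b", 5042)

# Port-only rule: matches every host, so it drops the unrelated FTP flow.
BROAD_RULES = [Rule("reserve-for-system-a", *RESERVED, "drop")]
# Same reservation scoped to the host it is meant for.
SCOPED_RULES = [Rule("reserve-for-system-a", *RESERVED, "drop", host="system-a")]


def ephemeral_range_excluding(eph_lo: int, eph_hi: int,
                              res_lo: int, res_hi: int) -> Tuple[int, int]:
    """Largest contiguous sub-range of [eph_lo, eph_hi] that avoids [res_lo, res_hi].

    Returns the ephemeral range unchanged when there is no overlap, and raises
    ValueError when the reserved range swallows the whole ephemeral range.
    """
    if res_hi < eph_lo or res_lo > eph_hi:
        return (eph_lo, eph_hi)  # disjoint: nothing to change
    below = (eph_lo, res_lo - 1) if res_lo > eph_lo else None
    above = (res_hi + 1, eph_hi) if res_hi < eph_hi else None
    candidates = [r for r in (below, above) if r is not None]
    if not candidates:
        raise ValueError("reserved range covers the whole ephemeral range")
    return max(candidates, key=lambda r: r[1] - r[0])


def count_collisions(eph_range: Tuple[int, int], res_range: Tuple[int, int],
                     draws: int, seed: int = 0) -> int:
    """How many of `draws` randomly chosen ephemeral ports land in the reserved range."""
    rng = random.Random(seed)
    lo, hi = eph_range
    return sum(1 for _ in range(draws)
               if res_range[0] <= rng.randint(lo, hi) <= res_range[1])


if __name__ == "__main__":
    print("port-only rule:  ", decide(BROAD_RULES, FTP_DATA_RETURN))
    print("host-scoped rule:", decide(SCOPED_RULES, FTP_DATA_RETURN))
    narrowed = ephemeral_range_excluding(1024, 65535, *RESERVED)
    print("collisions before:", count_collisions((1024, 65535), RESERVED, 20000, seed=1))
    print("collisions after: ", count_collisions(narrowed, RESERVED, 20000, seed=1), narrowed)
```

Two caveats for anyone applying the workaround. First, narrowing the ephemeral range only helps on the hosts you change; any other host in any zone that picks a port inside the reserved range still gets dropped, so the real fix is the firewall rule being keyed on the host (or the upgrade the poster mentions). Second, which side picks the colliding port depends on the FTP mode: with active mode the client chooses the data port it announces in PORT, with passive mode the server chooses it, so both ends may need the change. On Tru64 the ephemeral range is, as far as I recall, governed by the inet subsystem's ipport_userreserved_min and ipport_userreserved attributes set through sysconfig; check sys_attrs_inet(5) on your release before relying on those names.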



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:14 EDT