Tuesday, August 25, 2009

firewall-wizards Digest, Vol 40, Issue 8

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Slow FTP transfers (Francois Yang)
2. Re: checkpoint authentication on external interface
(Francois Yang)


----------------------------------------------------------------------

Message: 1
Date: Mon, 24 Aug 2009 11:26:15 -0500
From: Francois Yang <francois.y@gmail.com>
Subject: Re: [fw-wiz] Slow FTP transfers
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<7a3963cb0908240926g511ac16do3cc14740dac00d3d@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

I've seen slow traffic due to the firewall trying to do many things
like checking for viruses, packet anomalies, etc...
Maybe there are some checks that work better or worse depending on whether the
ftp session is passive or not.

Frank


On Fri, Aug 21, 2009 at 7:43 AM, Behm, Jeff<jbehm@burnsmcd.com> wrote:
> On Thursday, August 20, 2009 12:19 PM, sky said:
>
>>I'm having an issue when ftp'ing (default port mode) large file
>>(50megs) to a remote server sitting behind FWSM. The transfer
>>gets real slow and at times just times out.
>
>>Any thoughts will be great.
>
> Any sort of packet shaper/QoS device between the endpoints?

--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked. - White House Cybersecurity
Advisor, Richard Clarke


------------------------------

Message: 2
Date: Mon, 24 Aug 2009 11:21:58 -0500
From: Francois Yang <francois.y@gmail.com>
Subject: Re: [fw-wiz] checkpoint authentication on external interface
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<7a3963cb0908240921s38c0585cg1c18735a0796d0a5@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

I have looked at the implied rules and I do have an explicit rule to
deny all and I don't see anything that would allow this connection.
I even created a rule to block this and put it at the top and still
don't see any changes.

To answer the other emails, Yes, I'm sure I could put an ACL in the
front router to block access, but I was hoping to find a better
solution.

Frank

> Hi Frank,
> Even if the daemon is listening on the port, you still have to go through
> the rulebase to be able to connect.
> You should verify if the ports are allowed either in implied or explicit
> rules. (try to enable the logs on the implied rules
> for a short time to get some logs about the auth).
>
> I recommend using explicit rules and allowing only from explicit sources.
>
> I agree it's better if the daemon accepts connections only on internal IPs,
> but for this you have to ask Check Point how to do it.
>>
>> thanks
>>
>> Frank

--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked. - White House Cybersecurity
Advisor, Richard Clarke


------------------------------



End of firewall-wizards Digest, Vol 40, Issue 8
***********************************************
