This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ruan_Kotze
Advisor
‎2020-06-23 03:47 AM

Check Point FTP server listening on SSH Port

Hi All,

We recently picked up an issue where we couldn't establish SSH connections to our gateways anymore.  I confirmed policies were in place to allow SSH connections from our jumpbox, also the jumpbox is confirmed to be a trusted host.

As part of troubleshooting I did a telnet to the gateway IP on port 22 and it responded with "220 Check Point FireWall-1 Secure FTP server".  I compared this to another working gateway, which responded with "SSH-2.0-OpenSSH_7.8".  Why would an FTP server be listening on the SSH port?

I did some research, and apparently this can be caused by a combination of having a FTP resource defined and using that resource in a policy.  This is not the case for me.  I also confirmed that fwauthd.conf has FTP listening on TCP 21.

I've got a ticket open with TAC for this, but was wondering if anyone else ran across this.  I'm running R80.40 Take 48 on the affected gateways.

Thanks,
Ruan

0 Kudos
4 Replies
HristoGrigorov
Mentor
Mentor
‎2020-06-23 04:10 AM

Open terminal connection from Web Portal and run this command to check what is listening on port 22:

# lsof -i :22

0 Kudos
Ruan_Kotze
Advisor
‎2020-06-23 05:01 AM
In response to HristoGrigorov

Hi Hristo,

Thanks for the response.  Interestingly enough, it shows that sshd is listening (screen shot attached).

-Ruan

Preview file
14 KB
0 Kudos
HristoGrigorov
Mentor
Mentor
‎2020-06-23 05:44 AM
In response to Ruan_Kotze

No idea why would FTP security server listen on port 22 but you could eventually try to move ssh service on port 2222 (for example).

0 Kudos
PhoneBoy
Admin
Admin
‎2020-06-23 10:03 AM

The Security Servers are deprecated and shouldn't ever be used/activated unless you have a Resource rule defined.
Sounds like a bug to me.
As a workaround, you can probably comment out the relevant line in $FWDIR/conf/fwauthd.conf and install policy.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events