Ruan_Kotze
Advisor

Check Point FTP server listening on SSH Port

Hi All,

We recently picked up an issue where we couldn't establish SSH connections to our gateways anymore. I confirmed policies were in place to allow SSH connections from our jumpbox, and the jumpbox is also confirmed to be a trusted host.

As part of troubleshooting I did a telnet to the gateway IP on port 22 and it responded with "220 Check Point FireWall-1 Secure FTP server".  I compared this to another working gateway, which responded with "SSH-2.0-OpenSSH_7.8".  Why would an FTP server be listening on the SSH port?

I did some research, and apparently this can be caused by a combination of having an FTP resource defined and using that resource in a policy. This is not the case for me. I also confirmed that fwauthd.conf has FTP listening on TCP 21.

I've got a ticket open with TAC for this, but was wondering if anyone else ran across this.  I'm running R80.40 Take 48 on the affected gateways.

Thanks,
Ruan

0 Kudos
4 Replies
HristoGrigorov

Open terminal connection from Web Portal and run this command to check what is listening on port 22:

# lsof -i :22

0 Kudos
Ruan_Kotze
Advisor

Hi Hristo,

Thanks for the response. Interestingly enough, it shows that sshd is listening (screenshot attached).

-Ruan

0 Kudos
HristoGrigorov

No idea why the FTP security server would listen on port 22, but you could eventually try to move the ssh service to port 2222 (for example).

0 Kudos
PhoneBoy
Admin

The Security Servers are deprecated and shouldn't ever be used/activated unless you have a Resource rule defined.
Sounds like a bug to me.
As a workaround, you can probably comment out the relevant line in $FWDIR/conf/fwauthd.conf and install policy.
0 Kudos
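
The manual telnet banner comparison from the opening post can be scripted to check several gateways at once, for instance before and after applying a workaround. This is an added example, not code from any poster or from Check Point; the function names and the host name in the test are assumptions, and the two banners it recognises are the ones quoted in the thread.

```python
import re
import socket
import sys

# SSH identification string (RFC 4253 s4.2): "SSH-protoversion-softwareversion"
SSH_ID = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")
# FTP service-ready greeting (RFC 959): reply code 220 followed by text
FTP_GREETING = re.compile(r"^220[ -](.*)")

def classify_banner(banner):
    """Return (protocol, detail) for the bytes a service sends on connect."""
    text = banner.decode("ascii", errors="replace")
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines:
        return ("none", "")
    # RFC 4253 lets a server send other lines before its SSH- line.
    for line in lines:
        m = SSH_ID.match(line)
        if m:
            return ("ssh", m.group(2))
    m = FTP_GREETING.match(lines[0])
    if m:
        return ("ftp", m.group(1).strip())
    return ("unknown", lines[0])

def grab_banner(host, port=22, timeout=5.0):
    """Connect and read whatever the service sends first (like telnet host 22)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            return s.recv(256)
        except socket.timeout:
            return b""  # connected, but the service stayed silent

def check_ssh_port(host, port=22, grab=grab_banner):
    """One report line per host; MISMATCH means port 22 is not answering as SSH."""
    try:
        proto, detail = classify_banner(grab(host, port))
    except OSError as e:
        return f"{host}:{port} ERROR {e}"
    status = "OK" if proto == "ssh" else "MISMATCH"
    return f"{host}:{port} {status} {proto} {detail}".rstrip()

if __name__ == "__main__":
    # Usage: python check_banner.py <gateway> [<gateway> ...]
    for h in sys.argv[1:]:
        print(check_ssh_port(h))
```
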
