Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

How can I stop checkpoint FTP server listening on public IP interface

I found that ftp command with public IP interface of the checkpoint gateway response all of the IP addresses on my public interface subnet. (Also with telnet port 21 command)

Although the connection close or timeout but it is still shown the message '220 Check Point FireWall-1 Secure FTP server running on XXX' when I try to using ftp x.x.x.x. 

I try to block this FTP access from internet by creating stealth rule for my public IP destination with FTP service. It's work. But I still don't know why the gateway response FTP connection like this and I want to disable it.

I'm using 4600 running R77.30 Gaia.

0 Kudos
2 Replies
Highlighted
Admin
Admin

Re: How can I stop checkpoint FTP server listening on public IP interface

What version of code?
Also what rules do you have that are specific to FTP?
Any of them with an action of User Auth or include a Resource (FTP->Something)?
0 Kudos
Highlighted
Gold

Re: How can I stop checkpoint FTP server listening on public IP interface

Check if you have defined a FTP-ressource and a rule with this ressource. This enables CheckPoints FTP SecureServer running like a HTTP-proxy.

FTP-ressource1.PNGFTP-ressource2.PNG