inspect FTPS ?
Are there any solutions to inspect incoming FTPS, like SSH/SFTP inspection (SSH Deep Packet Inspection)?
2 Replies
I can only find this and that DLP will make it drop:
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Not that I know of. You are pretty much stuck punching open ports TCP 1024-65535 between the FTPS client and server, as the firewall cannot see which dynamic port is allocated for the data connection inside the encrypted control connection. This is a very old discussion at CPUG but sums up the issue pretty well:
https://www.cpug.org/forums/showthread.php/108-FTP-over-SSL-fails-with-VPN-1-FireWall-1
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
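The point made in the reply above, as an added example (not from the thread and not Check Point code): a generic sketch of the control-channel tracking an FTP-aware firewall depends on, run over two constructed transcripts. The function name, the address 192.0.2.10 and both transcripts are assumptions for illustration.

```python
import re

# Control-channel lines that announce the data-connection endpoint.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d+)\1\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", re.I)

def data_endpoints(control_lines, server_ip):
    """Return (pinholes, encrypted): the (ip, port) data endpoints readable from
    the cleartext control channel, and whether TLS took the channel over."""
    pinholes, auth_pending = [], False
    for line in control_lines:
        line = line.strip()
        if auth_pending and line[:3].isdigit():
            if line.startswith("234"):
                # AUTH accepted: everything after this is TLS records, so later
                # PASV/EPSV replies never appear in cleartext.
                return pinholes, True
            auth_pending = False  # AUTH refused, session stays cleartext
        if re.match(r"AUTH (TLS|SSL)\b", line, re.I):
            auth_pending = True
        elif (m := PASV_RE.match(line)) or (m := PORT_RE.match(line)):
            h1, h2, h3, h4, p1, p2 = map(int, m.groups())
            pinholes.append((f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))
        elif m := EPSV_RE.match(line):
            pinholes.append((server_ip, int(m.group(2))))
    return pinholes, False

# Constructed transcripts (documentation address 192.0.2.10), not captured traffic.
PLAIN_FTP = ["USER demo", "331 Password required", "PASS example", "230 Logged in",
             "PASV", "227 Entering Passive Mode (192,0,2,10,195,149)",
             "EPSV", "229 Entering Extended Passive Mode (|||50100|)"]
EXPLICIT_FTPS = ["AUTH TLS", "234 Proceed with negotiation",
                 "<TLS records: USER, PASS, PASV and the 227 reply are in here>"]

if __name__ == "__main__":
    print(data_endpoints(PLAIN_FTP, "192.0.2.10"))
    print(data_endpoints(EXPLICIT_FTPS, "192.0.2.10"))
```

For the FTPS transcript the list of learned endpoints is empty, which is why the data connection can only be covered by a static rule over the whole dynamic port range.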