The PhoneBoy Blog



FireWall-1 FAQ: Is there a better interface for Authenticated FTP?

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


As of 3.0b Build 3064, there is a new interface available by modifying or adding the appropriate line in the :props ( section of objects.C so it reads:

:new_ftp_interface (true)

This should make command-line FTP sessions a heck of a lot easier to do.

The Old FTP Interface

Under the old interface, let us assume you wanted to FTP to 172.29.0.44:

$ ftp 172.29.0.44 
Connected to 172.29.0.44. 
220 aftpd: Check Point FireWall-1 Secure FTP server running on mrhat 
Name (172.29.0.44:dwelch):

At this point, you have to enter a username in the following format:

FTP Site User@FireWall-1 User@Remote Host

If both the FireWall-1 user and the FTP site user are the same, then you can enter the username in this format:

user@Remote Host

Name (172.29.0.44:dwelch): anonymous@[email protected] 
331 aftpd: FireWall-1 password: you can use password@FW-1-password 
Password:

The password is of the following format:

FTP Site Password@FireWall-1 Password

Note: if either the username or the password contains an @, you need to enter that @ twice, as in the following example:

Password: dwelch@@phoneboy.com@abc123 
230-aftpd: User dwelch authenticated by FireWall-1 authentication 
230-aftpd: Connected to 172.29.0.44. Logging in... 
230-aftpd: 220 stinkpot Microsoft FTP Service (Version 3.0). 
230-aftpd: 331 Anonymous access allowed, send identity (e-mail name) as password. 
230 aftpd: 230 Anonymous user logged in. 
Remote system type is Windows_NT. 
ftp>
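The old-interface field encoding described above, as an added example that is not part of the original FAQ and is not Check Point code. The splitting rule (a single @ separates fields, @@ is a literal @) is an assumption inferred from the page's password example, and the function names are hypothetical.

```python
# Added illustration, not Check Point code. Assumed rule, inferred from the
# page's example: a single "@" separates fields and "@@" is a literal "@".

def escape(field):
    """Double every '@' so it survives as a literal inside a compound string."""
    return field.replace("@", "@@")

def split_fields(compound):
    """Split on single '@', reading left to right; '@@' becomes a literal '@'.
    A field that begins with '@' is ambiguous under this scheme."""
    fields, cur, i = [], "", 0
    while i < len(compound):
        if compound.startswith("@@", i):    # escaped literal '@'
            cur += "@"
            i += 2
        elif compound[i] == "@":            # unescaped '@' ends the field
            fields.append(cur)
            cur = ""
            i += 1
        else:
            cur += compound[i]
            i += 1
    fields.append(cur)
    return fields

def build_username(ftp_user, fw_user, remote_host):
    """FTP Site User@FireWall-1 User@Remote Host, or user@Remote Host if equal."""
    users = [ftp_user] if ftp_user == fw_user else [ftp_user, fw_user]
    return "@".join(escape(f) for f in users + [remote_host])

def parse_username(compound):
    """Return (ftp_user, fw_user, remote_host)."""
    f = split_fields(compound)
    if len(f) == 2:
        return f[0], f[0], f[1]
    if len(f) == 3:
        return f[0], f[1], f[2]
    raise ValueError(f"expected 2 or 3 fields, got {len(f)}")

def build_password(ftp_password, fw_password):
    """FTP Site Password@FireWall-1 Password."""
    return escape(ftp_password) + "@" + escape(fw_password)

def parse_password(compound):
    """Return (ftp_password, fw_password); an undoubled '@' yields extra fields."""
    f = split_fields(compound)
    if len(f) != 2:
        raise ValueError(f"expected 2 fields, got {len(f)}: undoubled '@'?")
    return f[0], f[1]
```

An e-mail address typed as the anonymous FTP password without doubling its @ produces three fields instead of two, which is the case the doubling rule exists to prevent.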

The New FTP Interface

Under the new interface, this is much simpler.

$ ftp 172.29.0.44 
Connected to 172.29.0.44. 
220 aftpd: Check Point FireWall-1 Secure FTP server running on mrhat 
Name (172.29.0.44:dwelch):

At this point, you have to enter a username in the following format:

FireWall-1 User@Remote Host

Name (172.29.0.44:dwelch): [email protected] 
331 aftpd: FireWall-1 password: you can use FW-1-password

At this point, simply enter the FireWall-1 Password:

Password: abc123 (Note: Password is not echoed) 
230-aftpd: User dwelch authenticated by FireWall-1 authentication 
230-aftpd: Connected to 172.29.0.44. Logging in... 
230-aftpd: 220 stinkpot Microsoft FTP Service (Version 3.0). 
ftp>

You are now connected to the remote FTP server. Now you must log in by using the ‘user’ command as follows:

ftp> user anonymous 
331 Anonymous access allowed, send identity (e-mail name) as password. 
Password: [email protected] (Note: Password is not echoed) 
230 Anonymous user logged in. 
ftp>
