The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, and More!

FireWall-1 FAQ: Is there a better interface for Authenticated FTP?

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


As of 3.0b Build 3064, there is a new interface available by modifying or adding the appropriate line in the :props ( section of objects.C so it reads:

:new_ftp_interface (true)

This should make command line FTP's a heck of a lot easier to do.

The Old FTP Interface

Under the old interface, let us assume you wanted to FTP to 172.29.0.44:

$ ftp 172.29.0.44 
Connected to 172.29.0.44. 
220 aftpd: Check Point FireWall-1 Secure FTP server running on mrhat 
Name (172.29.0.44:dwelch):

At this point, you have to enter a username of the following format

FTP Site [email protected] [email protected] Host

If both the FireWall-1 user and the FTP site user are the same, then you can enter the username in this format:

[email protected] Host

Name (172.29.0.44:dwelch): [email protected]@172.29.0.44 
331 aftpd: FireWall-1 password: you can use [email protected] 
Password:

The password is of the following format:

FTP Site [email protected] Password

Note if either the username or password contains a @, you will then need to enter the @ twice as in the following example:

Password: [email protected]@[email protected] 
230-aftpd: User dwelch authenticated by FireWall-1 authentication 
230-aftpd: Connected to 172.29.0.44. Logging in... 
230-aftpd: 220 stinkpot Microsoft FTP Service (Version 3.0). 
230-aftpd: 331 Anonymous access allowed, send identity (e-mail name) as password. 
230 aftpd: 230 Anonymous user logged in. 
Remote system type is Windows_NT. 
ftp>

The New FTP Interface

Under the new interface, this is much simpler.

$ ftp 172.29.0.44 
Connected to 172.29.0.44. 
220 aftpd: Check Point FireWall-1 Secure FTP server running on mrhat 
Name (172.29.0.44:dwelch):

At this point, you have to enter a username of the following format

FireWall-1 [email protected] Host

Name (172.29.0.44:dwelch): [email protected] 
331 aftpd: FireWall-1 password: you can use FW-1-password

At this point, simply enter the FireWall-1 Password:

Password: abc123 (Note: Password is not echoed) 
230-aftpd: User dwelch authenticated by FireWall-1 authentication 
230-aftpd: Connected to 172.29.0.44. Logging in... 
230-aftpd: 220 stinkpot Microsoft FTP Service (Version 3.0). 
ftp>

You are now connected to the remote FTP server. Now you must login by using the 'user' command as follows:

ftp> user anonymous 
331 Anonymous access allowed, send identity (e-mail name) as password. 
Password: [email protected] (Note: Password is not echoed) 
230 Anonymous user logged in. 
ftp>

C-List #Cybersecurity Celebrity, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.