Traditional Mode with User Authentication FTP traffic failing
Solution ID: sk115614
Technical Level:
Product: IPSec VPN
Version: R77.30 (EOL)
Date Created: 22-Jan-2017
Last Modified: 09-Apr-2017
Symptoms
Traditional Mode with User Authentication FTP traffic failing.
aftpd.elg contains the following lines:
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] check_conn_entry_implied_rule: get_connection_entry succeeded, rule# = 3 , type = 1
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] vpn_conn_match_rb: rule_conn:
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] vpn_conn_match_rb: tab_conn:
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] vpn_conn_match_rb: exm_flags: 0
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] check_action: vpn_conn_match_rb_ex return with VPN_RULE_FAILURE
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] get_connection_entry: SRC=-1062724007 ,SPORT=1101 ,DST=1410216819 ,DPORT=21 ,IPP=6
Error message seen in SmartView Tracker:
"User authenticated, but not allowed to perform action: Content Security - access denied, For more details please refer to SecureKnowledge solution sk35510 "
Error message seen in FTP Console:
"421-user nirmu authenticated by firewall-1 authentication
421 you are not allowed to perform ftp to this destination connection close by remote host"
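
Added example (not part of the original article and not Check Point code): a Python script that scans aftpd.elg text for the VPN_RULE_FAILURE signature shown above and reports the matched rule number and connection tuple. It assumes the SRC/DST fields are signed 32-bit IPv4 addresses in network byte order and that lines sharing a PID and timestamp belong to one connection; the function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the aftpd.elg excerpt in the Symptoms section above.
SAMPLE_LOG = """\
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] check_conn_entry_implied_rule: get_connection_entry succeeded, rule# = 3 , type = 1
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] check_action: vpn_conn_match_rb_ex return with VPN_RULE_FAILURE
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] get_connection_entry: SRC=-1062724007 ,SPORT=1101 ,DST=1410216819 ,DPORT=21 ,IPP=6
"""

PREFIX = re.compile(r"^\[aftpd (?P<pid>\d+) \d+\]@(?P<gw>[^\[]+)\[(?P<ts>[^\]]+)\] (?P<msg>.*)$")
RULE = re.compile(r"get_connection_entry succeeded, rule# = (\d+)")
CONN = re.compile(r"SRC=(-?\d+) ,SPORT=(\d+) ,DST=(-?\d+) ,DPORT=(\d+) ,IPP=(\d+)")


def int_to_ip(value):
    """Assumption: the field is a signed 32-bit integer in network byte order."""
    return str(ipaddress.IPv4Address(int(value) & 0xFFFFFFFF))


def find_vpn_rule_failures(log_text):
    """Return one record per (PID, timestamp) group that logged VPN_RULE_FAILURE."""
    groups = {}
    for line in log_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # not an aftpd debug line
        # Assumption: same PID and timestamp means same connection attempt.
        rec = groups.setdefault((m["pid"], m["ts"]),
                                {"gateway": m["gw"], "timestamp": m["ts"], "failed": False})
        msg = m["msg"]
        if "VPN_RULE_FAILURE" in msg:
            rec["failed"] = True
        elif (r := RULE.search(msg)):
            rec["rule"] = int(r.group(1))
        elif (c := CONN.search(msg)):
            rec.update(src=int_to_ip(c.group(1)), sport=int(c.group(2)),
                       dst=int_to_ip(c.group(3)), dport=int(c.group(4)),
                       proto=int(c.group(5)))
    return [rec for rec in groups.values() if rec["failed"]]


if __name__ == "__main__":
    for hit in find_vpn_rule_failures(SAMPLE_LOG):
        print(hit)
```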