Traditional Mode with User Authentication FTP traffic failing

SUPPORT CENTER
USER CENTER / PARTNER MAP
CYBER TALK FOR EXECUTIVES
THREAT INTELLIGENCE
UNDER ATTACK?
- We can help. Learn more about ThreatCloud Incident Response
RISK ASSESSMENT
MY ACCOUNT
- Phone
  
  General
  United States 1-800-429-4391
  International +972-3-753-4555
  
  Support
  24x7 Technical Support
  Americas: 1-972-444-6600
  International: +972-3-6115100
  Toll Free: 1-888-361-5030
- Locations
  
  United States
  Check Point Software Technologies Inc.
  959 Skyway Road
  Suite 300
  San Carlos, CA 94070
  MAP
  
  International
  Check Point Software Technologies Ltd.
  5 Ha'Solelim Street
  Tel Aviv 67897, Israel
  MAP
- Community
  CheckMates User Community
  Blog
- Chinese
- Japanese
- Russian

Support Center > Search Results > SecureKnowledge Details

Symptoms

Traditional Mode with User Authentication FTP traffic failing.
In aftpd.elg, see the following lines:
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] check_conn_entry_implied_rule: get_connection_entry succeeded, rule# = 3 , type = 1
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] vpn_conn_match_rb: rule_conn:
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] vpn_conn_match_rb: tab_conn:
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] vpn_conn_match_rb: exm_flags: 0
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] check_action: vpn_conn_match_rb_ex return with VPN_RULE_FAILURE
[aftpd 11489 2012637472]@GW-CSC[16 Nov 17:43:47] get_connection_entry: SRC=-1062724007 ,SPORT=1101 ,DST=1410216819 ,DPORT=21 ,IPP=6
Error message seen in SmartView Tracker:
"User authenticated, but not allowed to perform action: Content Security - access denied, For more details please refer to SecureKnowledge solution sk35510 "
Error message seen in FTP Console:
"421-user nirmu authenticated by firewall-1 authentication 421 you are not allowed to perform ftp to this destination connection close by remote host"

Solution

Note: To view this solution you need to Sign In .

THREAT INTELLIGENCE