User guide
The Safe@Office Firewall
Chapter 2: Safe@Office Security 81
| Step | Channel Type | Description | Source | TCP Source Port | Destination | TCP Destination Port |
|---|---|---|---|---|---|---|
| 3 | Data | Client initiates data connection to server on port P | FTP client | D > 1023 | FTP server | P |
| 4 | Data | Server acknowledges data connection | FTP server | P | FTP client | D |
The following diagram demonstrates the establishment of a Passive FTP connection
through a firewall protecting the FTP server.
From the FTP server's perspective, the following connections are established:
• Command connection from the client on a port greater than 1023, to the server
on port 21
• Data connection from the client on a port greater than 1023, to the server on a
port greater than 1023
The fact that both of the channels are established by the client presents a challenge for the
firewall protecting the FTP server: while a firewall can easily be configured to identify
incoming command connections over the default port 21, it must also be able to handle
incoming data connections over a dynamic port that is negotiated randomly as part of the
Figure 21: Establishment of Passive FTP Connection
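The following added example (not taken from the guide and not Safe@Office code) sketches how a firewall in front of the FTP server can learn the dynamic data port P by reading the server's passive-mode reply on the command connection, and then admit only that one data connection. The class and method names are hypothetical, the 227 and 229 reply formats come from the FTP standards (RFC 959 and RFC 2428) rather than from this page, and the sketch assumes no address translation between the firewall and the server.

```python
import re

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2); RFC 2428 EPSV reply: 229 ... (|||port|)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


class PassiveFtpTracker:
    """Hypothetical pinhole table for a firewall protecting one FTP server."""

    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.expected = set()  # (client_ip, data_port) pairs awaiting a data connection

    def inspect_server_reply(self, client_ip, line):
        """Feed one server-to-client line from the port 21 command connection.
        Returns the negotiated data port P, or None if no pinhole was opened."""
        m = PASV_RE.match(line)
        if m:
            octets = [int(x) for x in m.groups()]
            if any(o > 255 for o in octets):
                return None
            host = ".".join(str(o) for o in octets[:4])
            if host != self.server_ip:  # reply points at another host: refuse
                return None
            port = octets[4] * 256 + octets[5]
        else:
            m = EPSV_RE.match(line)
            if not m:
                return None
            port = int(m.group(1))
        if not 1023 < port <= 65535:  # data port must be a dynamic port (> 1023)
            return None
        self.expected.add((client_ip, port))
        return port

    def allow_data(self, src_ip, dst_ip, dst_port):
        """Decide on an inbound connection: permit only the negotiated one, once."""
        key = (src_ip, dst_port)
        if dst_ip == self.server_ip and key in self.expected:
            self.expected.discard(key)
            return True
        return False


# Constructed sample: server 192.0.2.10 tells client 198.51.100.7 to use port 195*256+80
fw = PassiveFtpTracker("192.0.2.10")
P = fw.inspect_server_reply("198.51.100.7", "227 Entering Passive Mode (192,0,2,10,195,80)")
```

Because each entry is consumed on first use and keyed to the client that negotiated it, the firewall does not need a standing rule that opens every port above 1023 on the server.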