User Manual Part 1
Table Of Contents
- Check Point Safe@Office User Guide 8.0
- Copyright & Trademarks
- Contents
- About This Guide
- Introduction
- About Your Check Point Safe@Office Appliance
- Safe@Office 500 Product Family
- Product Features
- Wireless Features
- Optional Security Services
- Software Requirements
- Getting to Know Your Safe@Office 500 Appliance
- Getting to Know Your Safe@Office 500W Appliance
- Getting to Know Your Safe@Office 500 ADSL Appliance
- Getting to Know Your Safe@Office 500W ADSL Appliance
- Contacting Technical Support
- Safe@Office Security
- Installing and Setting Up Safe@Office
- Getting Started
- Configuring the Internet Connection
- Managing Your Network
- Using Bridges
- Configuring High Availability
- Using Traffic Shaper
- Working with Wireless Networks
- Viewing Reports
- Viewing Logs
- Setting Your Security Policy
The Safe@Office Firewall
42 Check Point Safe@Office User Guide
The following diagram demonstrates the establishment of a Passive FTP connection
through a firewall protecting the FTP server.
From the FTP server's perspective, the following connections are established:
• Command connection from the client on a port greater than 1023, to the server
on port 21
• Data connection from the client on a port greater than 1023, to the server on a
port greater than 1023
The fact that both of the channels are established by the client presents a challenge for the
firewall protecting the FTP server: while a firewall can easily be configured to identify
incoming command connections over the default port 21, it must also be able to handle
incoming data connections over a dynamic port that is negotiated randomly as part of the
FTP client-server communication. The following table examines how different firewall
technologies handle this challenge:
Figure 11: Establishment of Passive FTP Connection