Tuesday, September 17, 2013

FTP over SSL traffic through Check Point Firewall

In the middle of configuring our Check Point Firewall, one of our users suddenly could not reach an FTP server on the internet. The error message is shown below:
[Screenshot: FTP client error message]

As you can see in the picture above, the error message says “Check Point Firewall-1 Secure FTP server running on….”. After further investigation, it turned out that the Check Point Firewall cannot inspect the traffic because FTP over SSL is encrypted. Since the control channel is encrypted, the firewall has no way to decide whether to block or allow the traffic.
The solution is to create two rules so that FTP over SSL can pass. The rules are as follows:
Where:
ftp-ssl-control: port 990
ftp-ssl-data: port >1023, with source port 989
After inserting those two rules, retest the FTP connection; it should resolve the problem. Please let us know if you are still facing the same problem.
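To make the two service definitions concrete, here is an added Python model (not Check Point configuration and not code from the original post) that evaluates constructed sample flows against them with first-match semantics; the IP addresses, the server-to-client direction of the data rule and the final implicit drop are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Constructed model of the two rules described above (example code, not
# Check Point's own rulebase format). Port numbers are those given in the
# post: control on TCP/990, data with source port 989 to a port above 1023.
Flow = Tuple[str, str, int, int]  # (src_ip, dst_ip, src_port, dst_port), TCP assumed


@dataclass
class Rule:
    name: str
    match: Callable[[Flow], bool]
    action: str  # "accept" or "drop"


def ftp_ssl_control(flow: Flow) -> bool:
    # Client to server: implicit FTPS control channel on TCP/990
    return flow[3] == 990


def ftp_ssl_data(flow: Flow) -> bool:
    # Data channel as the post defines it: source port 989, destination port
    # above 1023. Direction (server to client, active-mode data) is assumed.
    return flow[2] == 989 and flow[3] > 1023


RULEBASE: List[Rule] = [
    Rule("ftp-ssl-control", ftp_ssl_control, "accept"),
    Rule("ftp-ssl-data", ftp_ssl_data, "accept"),
    # Anything not matched above falls through to the implicit cleanup drop.
]


def evaluate(flow: Flow, rulebase: List[Rule] = RULEBASE) -> Tuple[str, Optional[str]]:
    """First-match evaluation: return (action, name of the matching rule)."""
    for rule in rulebase:
        if rule.match(flow):
            return rule.action, rule.name
    return "drop", None


# Constructed sample flows: internal client 192.0.2.10, FTPS server 198.51.100.5
CONTROL = ("192.0.2.10", "198.51.100.5", 51000, 990)
DATA_OK = ("198.51.100.5", "192.0.2.10", 989, 51001)     # server-initiated data channel
DATA_BAD = ("198.51.100.5", "192.0.2.10", 40000, 51001)  # wrong source port: not covered
PLAIN_FTP = ("192.0.2.10", "198.51.100.5", 51002, 21)    # plain FTP still needs its own rule

if __name__ == "__main__":
    for f in (CONTROL, DATA_OK, DATA_BAD, PLAIN_FTP):
        print(f, "->", evaluate(f))
```

The DATA_BAD flow shows why the source-port condition matters: a data connection that does not originate from port 989 is not covered by either rule and is dropped.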
