Checkpoint firewalls have 3 means of transferring files in/out – ftp (client ) , SCP and SFTP (haven’t tried it yet) .
At some stage of the debug/upgrade process you will have to move files in either direction. The most secure is SCP protocol. On windows platforms picking the GUI SCP client is not hard – you only have WinSCP as your choice. And being otherwise reliable and easy to use software it just doesn’t work with Checkpoint many times. To fix this is easier than you can think of.
But first few prerequisites:
To allow SCP connection to the firewall you have to :
– create file named /etc/scpusers
– add to it user per line – with which user you will be connecting for SCP session
– make sure that for this user(s) shell is set to /bin/bash in /etc/passwd file
– and of course allow SSH protocol connection from your host to the firewall.
After all the above done you connect using WinSCP, all goes well, try to download some file and …
Error happens…
The easiest way (and the only one I found so far ) is to .. NOT use WinSCP but instead use wonderful
software PSCP from Putty author that doesn’t have GUI but works flawlessly with Checkpoint.
Download it here www.chiark.greenend.org.uk/~sgtatham , read instructions and have no regrets ever after.
Follow me on Twitter
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.