Zip Component, Email Component, Encryption Component ActiveX Control for Zip Compression .NET Components for ASP.NET
ActiveX and .NET Components for Zip Compression, Encryption, Email, XML, S/MIME, HTML Email, Character Encoding, Digital Certificates, FTP, and more ASP Email ActiveX Component

Index of Chilkat Blog Posts

July 19, 2007

Issue with Checkpoint Firewall and FTP

If your FTP server is located behind a Checkpoint firewall, you may have experienced trouble with FTP clients trying to transfer files to/from it. The issue happens both with Chilkat and other FTP clients (such as WS_FTP).

The issue has to do with this error: "PORT command ended without new line"

The Checkpoint firewall demands every FTP control packet to end with a new-line character. Although the FTP client is sending commands properly terminated by a CRLF, it’s possible that the command arrives in separate TCP/IP packets.

The FTP service definition in FireWall-1 can be modified to allow packets without new line characters. To do this, it is necessary to modify the $FWDIR/lib/base.def file on the Management station to turn off the new-line characters check.

Comment out this line in base.def:


change this to:

// #define FTP_ENFORCE_NL

NOTE: This line disables an FTP Security check, and therefore reduces the level of security provided by the firewall. However, an alternative check happens if this line is present:


If it exists, it is safe to comment out the "FTP_ENFORCE_NL" line without reducing the level of security.

NOTE: The Chilkat last-error log will not explicitly show an error that indicates "port command not ended with newline", but will instead show something such as:

SOCKET_ERROR: An existing connection was forcibly closed by the remote host.

Privacy Statement. Copyright 2000-2011 Chilkat Software, Inc. All rights reserved.
Send feedback to

Components for Microsoft Windows XP, 2000, 2003 Server, Vista, Windows 7, and Windows 95/98/NT4.