FWTK to Firewall-1 telnet problem

[Bruno Treguier <Bruno.Treguier () shom fr>]

Hello guys,

This is my first posting in the list, I hope my question won't be too simple,
as I searched a bit before bothering you. ;-)

We've got a problem here with one of our users who has to access, from inside
our network, another site's network (ok, pretty common so far). Our firewall
is the FWTK, and the other site's is Checkpoint Firewall-1.

This user wants to access the remote site using telnet, and so goes thru our
firewall via tn-gw. The problem is that FW-1 and FWTK can't seem to agree
on which telnet options to use, and the connection ends up being in 
"linemode",
with no possibility to go back to character mode afterwards.

This behaviour is similar to the what is described in question #2.9.1 of
the FWTK FAQ.

Our user can, however, log into the remote network, the first strange thing 
he sees being his password appearing in cleartext on his screen (which is
pretty normal in line mode, but rather annoying)... But of course after that,
many things are broken, as most of the applications used need a character 
mode.

The strange thing is that we don't have any problem with tn-gw connecting
anywhere else, and on the other side, when the remote FW-1 is accessed
from something else than tn-gw (e.g. from an external site, without 
firewall),
everything is fine as well (fortunately, otherwise guys at CPS would have to
worry a lot :-) ).

So it's really a fwtk/FW-1 problem.

Has anyone already had the same problem and perhaps even solved it ?

If this is useful, I can post the "debug" sessions with all the options
negociated between tn-gw and the FW-1 telnet server.

Thanks for any info/pointer/else...

Regards,

Bruno
-- 
--   Service Hydrographique et Oceanographique de la Marine --- Service INF
--      13, rue du Chatellier ---  BP 426  --- 29275 Brest Cedex, FRANCE
--       Phone: +33 2 98 22 17 49  ---  Email: Bruno.Treguier () shom fr