ws_ftp and SBS 2000 again!?

Discussion in 'Windows Small Business Server' started by Geoff Cox, Jun 8, 2005.

  1. Geoff Cox

    Geoff Cox Guest

    Hello,

    I have read Stefan's "FTP protocol challenges Firewall Security"
    article but am not sure what to do to allow ftp access to remote sites
    using SBS 2000 / ISA and the firewall client on the workstations ...

    Para 4.3 mentions user having access to the predefined FTP protocol
    definition and making sure that the FTP Application Filter is enabled
    ....

    I can see under Policy Elements for the ISA Server a Protocol
    definition which under the "defined by" heading has the entry
    "application filter" and uses port 21 for outbound.

    Under Access Policy the only Protocol Rule is for Backoffice Internet
    Access and there is nothing re FTP under IP Packet Filters ...

    In other words I am lost!!

    Cheers

    Geoff
     
    Geoff Cox, Jun 8, 2005
    #1
    1. Advertisements

  2. Geoff Cox

    Duncan McC Guest

    So you don't have FTP entries like this???

    http://homepages.paradise.net.nz/duncanm4/Clip_17.jpg

    My SS is for SBS 2000, ISA 2000 - and I have the IP Packet Filters
    currently disabled.
     
    Duncan McC, Jun 8, 2005
    #2
    1. Advertisements

  3. ISA should work with ftp and an ftp client right out of the box. Assuming
    the ISA firewall client is installed and enabled, I'd try playing with these
    settings on the Advanced tab in Internet Options (on the workstation):
    Enable folder view for FTP, Use Passive FTP.

    You might also try any settings in the FTP client relating to passive mode.

    You probably just have to experiment and find a combination that works.
    FWIW, last time I did this (with FTP Voyager, not wsftp) I enabled passive
    and disabled folder view.
     
    Dave Nickason [SBS MVP], Jun 8, 2005
    #3
  4. Geoff Cox

    Geoff Cox Guest

     
    Geoff Cox, Jun 9, 2005
    #4
  5. Geoff Cox

    Geoff Cox Guest

    Thanks Dave - will give it a try..

    Cheers

    Geoff
     
    Geoff Cox, Jun 9, 2005
    #5
  6. Geoff Cox

    Duncan McC Guest

     
    Duncan McC, Jun 9, 2005
    #6
  7. Geoff Cox

    Geoff Cox Guest

    Dave,

    Adding an FTP Protocol Rule to ISA has solved the problem!

    Cheers

    Geoff
     
    Geoff Cox, Jun 9, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.