ISA 2004 & FTP

Posted on 2006-04-27
Medium Priority
Last Modified: 2013-11-16
We have an ISA 2004 box running on top of Server 2003 Enterprise controlling traffic at our high school.  The church side of the organization needs to send the pastor's sermons to an FTP site so it can be put on the WEB for streaming.

We cannot write to the FTP site and receive the following error message.

200 Type set to I.
200 PORT command successful
550 Access Denied

Now, I know what your' gonna say...it's a permission issue, but the FTP worked fine before ISA and only stopped working after ISA.  Our host tells us the FTP site is dedicated to us and it has remained static for the last year that we've been uploading sermons there.

The first thing we did was turn off passive mode under IE and that made no difference.

So the host tells us to open ports 1024 thru 6553 on our ISA FTP rule, which we did, but that made no difference.  We tested two other FTP sites (sites we control) and received the same error.  Off site, we can access the FTP site fine but our off site test bed is not behind an ISA box.

We created a rule, just to test, and set it to rule #1, and opened up ALL FTP traffic on ALL ports and got nothing.

I would go back to my host and tell them it's their issue, but I can't write to any other FTP sites that I know work.

Any ideas?


Question by:crp0499
  • 3
LVL 51

Accepted Solution

Keith Alabaster earned 2000 total points
ID: 16559639
right-click your rule that is allowing the ftp and select configure ftp. Put a tick in the box that says allow upload or remove the tick that states read-only.

The ftp filter in ISA server 2004 and ISA server 2006 (by default) is download/read only.
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16559653
PS. Once you have it working again, close all those additional ports you have opened as they are not necessary; just a security risk. ISA operates by opening dynamically the secondary ports using the high-port number stipulated by the ftp server you are contacting.



Author Comment

ID: 16562492
It's problems like this...no, it's SOLUTIONS like this, that make me think I should have been a mortician!

We spent 40 minutes on this one yesterday and the solution was so simple.

Thanks Keith.

LVL 51

Expert Comment

by:Keith Alabaster
ID: 16564060
No problem and you are very welcome.


Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question