ISA 2004 & FTP

Posted on 2006-04-27
Last Modified: 2013-11-16
We have an ISA 2004 box running on top of Server 2003 Enterprise controlling traffic at our high school.  The church side of the organization needs to send the pastor's sermons to an FTP site so it can be put on the WEB for streaming.

We cannot write to the FTP site and receive the following error message.

200 Type set to I.
200 PORT command successful
550 Access Denied

Now, I know what you're gonna say, it's a permission issue, but the FTP worked fine before ISA and only stopped working after ISA.  Our host tells us the FTP site is dedicated to us and it has remained static for the last year that we've been uploading sermons there.

The first thing we did was turn off passive mode under IE and that made no difference.

So the host tells us to open ports 1024 thru 6553 on our ISA FTP rule, which we did, but that made no difference.  We tested two other FTP sites (sites we control) and received the same error.  Off site, we can access the FTP site fine but our off site test bed is not behind an ISA box.

We created a rule, just to test, and set it to rule #1, and opened up ALL FTP traffic on ALL ports and got nothing.

I would go back to my host and tell them it's their issue, but I can't write to any other FTP sites that I know work.

Any ideas?


Question by:crp0499
    LVL 51

    Accepted Solution

    Right-click your rule that is allowing the FTP and select Configure FTP. Put a tick in the box that says allow upload or remove the tick that states read-only.

    The ftp filter in ISA server 2004 and ISA server 2006 (by default) is download/read only.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    PS. Once you have it working again, close all those additional ports you have opened as they are not necessary; just a security risk. ISA operates by opening dynamically the secondary ports using the high-port number stipulated by the ftp server you are contacting.
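
The two behaviours described in the accepted answer and the comment above (a read-only FTP filter, and data ports opened dynamically from what the control channel negotiates) modelled as an added Python example; it is not from the original posts and is not ISA's implementation. The class name, the write-command list and the refusal text are assumptions, and the addresses used with it are constructed.

```python
import re

# Commands that modify the server; a read-only filter refuses these (assumed list).
WRITE_CMDS = {"STOR", "STOU", "APPE", "DELE", "RNFR", "RNTO", "MKD", "RMD"}
HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and 227 replies (RFC 959)."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(x > 255 for x in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


class FtpFilterModel:
    """Toy model of an FTP application filter (hypothetical name)."""

    def __init__(self, read_only=True):
        self.read_only = read_only
        self.pinholes = set()  # data endpoints allowed for one connection each

    def client_line(self, line):
        """Return None to forward the command, or the refusal sent to the client."""
        parts = line.split()
        cmd = parts[0].upper() if parts else ""
        if self.read_only and cmd in WRITE_CMDS:
            return "550 Access Denied"
        if cmd == "PORT":  # active mode: client names its listening endpoint
            ep = parse_hostport(line)
            if ep is None:
                return "501 Syntax error in parameters"
            self.pinholes.add(ep)
        return None

    def server_line(self, line):
        """Watch server replies; a 227 names the passive-mode data endpoint."""
        if line.startswith("227"):
            ep = parse_hostport(line)
            if ep:
                self.pinholes.add(ep)

    def data_allowed(self, ip, port):
        """A data connection passes only if negotiated, and only once."""
        if (ip, port) in self.pinholes:
            self.pinholes.remove((ip, port))
            return True
        return False
```

With `read_only=True` the upload is refused even though the `PORT` negotiation succeeded, which matches the transcript in the question; no static high-port range is needed in either mode because only the negotiated endpoint is admitted.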



    Author Comment

    It's problems like, it's SOLUTIONS like this, that make me think I should have been a mortician!

    We spent 40 minutes on this one yesterday and the solution was so simple.

    Thanks Keith.

    LVL 51

    Expert Comment

    by:Keith Alabaster
    No problem and you are very welcome.

