appmis
asked on
FTP on ISA 2004
I'm running ISA 2004 as a proxy server (Single NIC configuration).
HTTP is working fine, but I'm having problems w/ FTP. The filter is enabled. The port #'s are configured as 20 to 21 in my firewall rule. I have the firewall client installed on the PC. The server can access FTP sites as normal, but not the clients.
The clients cannot access any FTP sites using advanced clients (FileZilla, FTP Commander). Using IE, they can access anonymous sites if folder view is disabled. They can also access sites w/ an ID/PW, but only if I embed them into the URL.
From a command prompt, I get: Port 1745 – “Initiated Connection”, followed by another identical entry, but the next one is “Closed Connection”.
From an FTP client in Normal Mode, I get the same.
If I use an FTP client in Passive Mode, I get: Port 1745 – Denied Connection.
I've set up and enabled an 'allow' rule for port 1745 to/from all networks and all users.
HTTP is working fine, but I'm having problems w/ FTP. The filter is enabled. The port #'s are configured as 20 to 21 in my firewall rule. I have the firewall client installed on the PC. The server can access FTP sites as normal, but not the clients.
The clients cannot access any FTP sites using advanced clients (FileZilla, FTP Commander). Using IE, they can access anonymous sites if folder view is disabled. They can also access sites w/ an ID/PW, but only if I embed them into the URL.
From a command prompt, I get: Port 1745 – “Initiated Connection”, followed by another identical entry, but the next one is “Closed Connection”.
From an FTP client in Normal Mode, I get the same.
If I use an FTP client in Passive Mode, I get: Port 1745 – Denied Connection.
I've set up and enabled an 'allow' rule for port 1745 to/from all networks and all users.
ASKER
I'm trying to use Normal mode for FTP. If I can get either to work, that would be progress. I've tried 4 FTP clients (2 from Windows, 2 3rd party advanced clients). When I bypass ISA they all work. It's only when running behind ISA that they fail. I put the info on passive mode in to be thorough, but it's not really the preferred method. I'd like to use FTP w/ ISA w/o being restricted to a single client.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've read the bottom one before, but I'll check it out again. Maybe something didn't click The top one is for publishing a server to allow external clients inside. I'm trying to get internal clients to the outside, though. Thanks.
You also have to configure what ports are being used by passive FTP (PASV). I am not sure how to do this in IIS, as I use a third party FTP program called Gene6 (http://gene6.com). Frankly, its worth a look if you are interested - free trial and only $50 to purchase - and does SO MUCH more then the MS product.
Within the product you can configure what ports PASV uses, and what the PASV hostname/IP is.
THanks,
Justin