Solved

FTP on ISA 2004

Posted on 2006-06-26
6
743 Views
Last Modified: 2013-11-29
I'm running ISA 2004 as a proxy server (Single NIC configuration).  

HTTP is working fine, but I'm having problems w/ FTP.  The filter is enabled.  The port #'s are configured as 20 to 21 in my firewall rule. I have the firewall client installed on the PC.  The server can access FTP sites as normal, but not the clients.

The clients cannot access any FTP sites using advanced clients (FileZilla, FTP Commander).  Using IE, they can access anonymous sites if folder view is disabled.  They can also access sites w/ an ID/PW, but only if I embed them into the URL.  

From a command prompt, I get: Port 1745 – “Initiated Connection”, followed by another identical entry, but the next one is “Closed Connection”.
From an FTP client in Normal Mode, I get the same.  
If I use an FTP client in Passive Mode, I get: Port 1745 – Denied Connection.    

I've set up and enabled an 'allow' rule for port 1745 to/from all networks and all users.  


 

 
0
Comment
Question by:appmis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 16987957

You also have to configure what ports are being used by passive FTP (PASV).  I am not sure how to do this in IIS, as I use a third party FTP program called Gene6 (http://gene6.com).  Frankly, its worth a look if you are interested - free trial and only $50 to purchase - and does SO MUCH more then the MS product.

Within the product you can configure what ports PASV uses, and what the PASV hostname/IP is.

THanks,

Justin
0
 

Author Comment

by:appmis
ID: 16993639
I'm trying to use Normal mode for FTP.  If I can get either to work, that would be progress.  I've tried 4 FTP clients (2 from Windows, 2 3rd party advanced clients).  When I bypass ISA they all work.  It's only when running behind ISA that they fail.  I put the info on passive mode in to be thorough, but it's not really the preferred method.  I'd like to use FTP w/ ISA w/o being restricted to a single client.  

0
 
LVL 9

Accepted Solution

by:
NYtechGuy earned 250 total points
ID: 16994042


appmis-

Here are a couple of helpful links, in case you haven't seen them.  Parent site looks like a great resource if you are using ISA.

I would suggest you 'whack' the FTP rules you have already created, and start from scratch with this step-by-step.



Publishing an FTP server on ISA Server:
http://www.isaserver.org/tutorials/Publishing_an_FTP_Server_on_ISA_Server.html

How the FTP server challenges firewall security
http://www.isaserver.org/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html

0
 

Author Comment

by:appmis
ID: 16994442
I've read the bottom one before, but I'll check it out again.  Maybe something didn't click  The top one is for publishing a server to allow external clients inside.  I'm trying to get internal clients to the outside, though.  Thanks.  
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question