Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cannot Access FTP Download Sites Through ISA Server 2004

Posted on 2007-09-28
11
Medium Priority
?
2,183 Views
Last Modified: 2013-11-29
Greetings, I have recently installed an ISA 2004 Server. I need to access several FTP sites to download
updates for products that I am using. In particular I am trying to access Supermicro's FTP download site in order to get the latest drivers for my Servers. The sie is: ftp://ftp.supermicro.com/ 
The message I get is: "Windows cannot access this folder. Make sure you typed the file name correctly
and that you have permission to access the folder. Details: The connection with the server was reset.
I have a rule for FTP but apparantly it does not work. Please advise as to the best way to implement the use of FTP sites with ISA 2004. Server is W2003 w/ISA 2004, desktops are XP sp2.
0
Comment
Question by:gpfrank
  • 5
  • 4
  • 2
11 Comments
 
LVL 20

Expert Comment

by:What90
ID: 19982331
You need to make a change to the FTP rule to turn off the read only setting.
Here's an excellent guide how to do that:


http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006.aspx
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19983180
Not sure why you think that would help or be relevant here.  The read-only tab stops users uploading files TO the ftp site; it does not affect the viewing or the downloading capabilities.

Service pack 3 for ISA has been available for quite some time so I would suggest that you installed that anyway.

When you go to the ftp site you have posted in your question through the browser, do you actually see the list of files and folders displayed?

Open the ISA gui, select monitoring - logging - click start query.
Attempt the ftp access and download. What do yoiu see in the ISA realtime log?
If you have installed the ISA sp3, you will see (at the bottom of the ISA monitoring screen) an option for additional info. Click this and you will see that you can see extra info like headers, client info etc which may give you a pointer.
In the log, do you get a deny error?

Where are you FTP'ing from? The ISA server itself?
What is the ISA FTP rule you have in place?
On the ISA FTP access rule, have you included internal & local host in the from field?
Do you get the same error from any internal client?
0
 
LVL 20

Expert Comment

by:What90
ID: 19983319
@Keith -

Ran in to a simliar problem where a text file was being uploaded as part of a sign on for a particular ftp client to certain ftp sites. Though it was worth a try to at least discount the option :-)
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19983529
Fair one - not heard of that issue or come across it :)
0
 

Author Comment

by:gpfrank
ID: 19986950
Thanks for the replies :)  OK, Let me make clear that I am not running an FTP Server. I am also not uploading to an FTPsite.
What I am trying to do is download from an FTP site.
When I return to work on Monday, I will install sp3. And run the logging. I will also note the rule.
I am trying to connect to the site from my desktop pc. I never get to see any files or folders, I just get the message. This was working on the old ISA 2000 server, so I am reasonably sure that it is incidental to
the new ISA 2004 install. Thanks again.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19987295
I refer you to my questions above regarding how you have implented the rules?
0
 

Author Comment

by:gpfrank
ID: 19993473
OK, I got it to work by changing the options in I.E. Internet Options, Advanced, Browsing, Unchecked Enable Folder View, also checked Use Passive FTP. Funny thing, this time I WAS able to see the folders before I changed the settings. However, it still timed out until I did the above. I also installed SP3 :)
    OK, now can anyone tell me if this rule I created is a good one, or too general. Here it is:
Rule name: Inbound FTP Traffic, Action:Allow; Protocols, Selected, FTP w/default settings; From: Internal & Local Host;  To:External;  Users:All;  Anytime; All Types. Should I restrict to Authenicated Users only? Should I restrict to the Group Staff? (that is the teachers group) I am at a school. I would like to keep this as tight as I can. Thanks again.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 19994139
The rule name should really be outbound ftp as inbound is coming from external to internal.
only allow ftp from local host if the ISA server is also an ftp client getting to the external ftp site.
The tighter you can make the accwess group the better so yes - teachers only OR make an ftp group in the rule so you can add/remove any user or ad group as required without having to amend the ISA rule all the time. you want
0
 

Author Comment

by:gpfrank
ID: 20009893
Hello to all, did not get to work yesterday. New car issue. Today I was too busy. Will perform rule mods on Thursday. So far so good. Should close this on Thursday. Thanks again.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20010310
Welcome :)
0
 

Author Comment

by:gpfrank
ID: 20066845
Thanks to all who contributed to this.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A few months ago I attended the Rocky Mountain IPv6 Summit which was a two-day educational event; it was the 3rd annual conference held here in Denver, Colorado that was held at the Hyatt Regency Denver at the Colorado Convention Center. It was an e…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month13 days, 5 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question