Problem with FTP server, in a semi-complex network scenario that involves: ISA2000, ISA2004, AIX, and Nokia IP330 CheckPoint firewall.
Posted on 2007-10-17
Our Current Environment - for the sake of this problem:
- ISA 2000 Server
- AIX 4.3.3 Server - running an FTP daemon
- Nokia IP330 CheckPoint firewall
Our AIX server runs our business's core application; it also runs an FTP daemon. This server is multihomed: one NIC is statically assigned for our 38.213.5.x/24 network, which is our internal production network, while the other is set up for our 38.213.10.x/24 network, which is a separate network, but production nonetheless.
The 184.108.40.206/24 connection is attached to our internal production network, which is secured on the perimeter by an ISA 2000 firewall; this is our ONE pathway to the internet. Our 220.127.116.11/24 connection is directly attached to a Nokia IP330 CheckPoint firewall appliance. On the other side of the CheckPoint firewall is a customer's frame connection. Our customer comes over their frame connection, through the CheckPoint firewall, and performs FTP puts and FTP gets in a directory on our AIX server.
Right now, we're under the assumption that our AIX server is acting as a bridge. We've discussed changing the default gateway, but it was ruled out since we don't house an AIX guru.
Here's the problem:
When our ISA 2000 firewall goes down, our client cannot FTP into our server.
Furthermore, we're actively working on an ISA 2000 to ISA 2004 firewall migration and discovered that when we cut over to our ISA2004 server, our customer is not able to do any FTP puts/gets. This doesn't make sense when we look at it on the surface, since the 38.213.10.x network is not defined on any of our internal production routers. Looking at this from above, it looks like everything "should just work."
Where should we start to look, and how do we get this to work?
Please let me know if you need any more info.