Solved

ISA 2004 + FTP - need to know how to allow and allow folder view  ****Users Standing By****

Posted on 2007-11-20
Last Modified: 2013-12-02
Hey everyone,

I just started this new job about a month ago and I'm learning all of the crazy stuff that the manager has done while there wasn't enough help around.

ISA 2004 is the Proxy for the entire network...and I've got people in other states that need to be allowed FTP access.

On the ISA box, I've created a rule that states:

| Action | Protocols       | From / Listener | To           | Condition |
|--------|-----------------|-----------------|--------------|-----------|
| Allow  | FTP, FTP Server | All Networks    | All Networks | All Users |

It's at the top of the list in the Firewall Policy and I've "Unchecked" the "Allow Read Only" check box so people can drag and drop files on remote FTP servers.

Problem is that I still need to access the FTP servers via:
ftp://username:password@FQDN

and it won't allow me to switch to folder view from IE.

What might I be missing...I appreciate everyone's help in advance because everyone here is so great!!!

Thanks,
inverted
0
Question by:inverted_2000
18 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20322820
ISA does not control the view - it just controls the data flows.
What do you think ISA is blocking?

The folder view is normally set within the advanced options inside the browser.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20322963
It's not just the view...I need to access FTP folder across the Public Internet:

check this out...if I go to a known public FTP server in my city across the public internet via:
ftp://69.xx.xxx.xxx

I Get:
Technical Information (for support personnel)
Error Code: 502 Proxy Error. The login request was denied. The logon account might have been disabled or logon information might have changed. Log on again to verify that the information was typed correctly. If the problem continues, report the problem to the administrator of the Internet server you are requesting. (12015)
IP Address: 69.xx.xxx.xx
Date: 11/20/2007 8:32:12 PM
Server: mydomain.com
Source: proxy


So the above states that anonymous access isn't allowed:

so I try:
ftp://username:password@69.xx.xxx.xx

with a known account on that server and it accesses the FTP list in list view.

If I try to switch to folder view it states that it isn't allowed.

Where else is ISA blocking folder viewing and anonymous access to FTP sites?

0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 20323035
Ah - So you are trying to pass the credentials with the command? Are you using ISA as a firewall also?

If yes, and you are getting that error, it suggests that you have not deployed the ISA firewall client. This is the utility that passes the credentials to ISA server.

If no, then add that specific URL to the exceptions tab in the browser.

0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20323062
I really don't want to have to pass the creds with a URL command...all I really want...as do my users...is to see the folder view so we can drag and drop folders in remote FTP locations.

Do I need the ISA client?  I don't know if that was rolled out or not.  How might I see if it is?

Thanks a bunch (o;
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20323130
Oh sorry...I guess ISA is a firewall too...the firewall service is running on the ISA box...I was under the impression that it was just a proxy, but I have confirmed that it is also a firewall.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20323243
I loaded Filezilla Client on my laptop too.

That doesn't even come close to connecting to the outside FTP source.  I guess once a client such as that connects, I'll know that everything is okay.

How might I go about this?
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20323424
Under the Application Filters...I disable the FTP Access Filter...will that resolve it after I restart the services?

0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20323587
I do what they say here...and it doesn't work:
http://www.microsoft.com/technet/isa/2000/maintain/isaftpci.mspx

I can folder view and write to public FTP folders from the ISA server itself...because the rules don't apply to itself...but none of the clients can use FileZilla or folder view FTP sites.

Please someone lay out the configuration for this FTP rule in ISA for me.

Thanks people,
inverted
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20324819
If it is deployed, you will see the icon in the bottom right corner of the client.

0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20327317
I don't see it...the XP and Vista firewalls are OFF via GPO's.

Do I push the package from ISA or can I install it from the install disc / download?

Thanks
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20327411
I got the client...gosh every time I come back to ISA I hate it a little more.  Other than SBS2003...where it's a nice thing to have included...what kind of manager do I have that uses it as a corporate proxy.

Let me see what this "client" does for me.

Thanks
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20327553
I can now ping the ISA server and view its shared folders.

How do I get the client to connect?  It fails to automatically find the server and when I direct it to the server name it also fails.

Almost there !!!  

(o:
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20330404
ISA Server is likely the best layer 3 firewall/layer 7 application gateway on the market. No offence but it is a specialist product - it is not an out-of-the-box solution. When it is configured correctly there is nothing to compare.

Open the ISA GUI, select configuration - networks - internal properties - Check the firewall client tab - have you configured this?
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20330984
No offense taken Keith...I know it's highly customizable, but it's still a MS product and a lot of code to make it look fancy and expensive...I'm a Cisco or Linux guy for any routing/firewalling stuff, though I have a lot more ISA experience than I might have led you to believe.  I've never needed the firewall client before, and it turns out I don't in this case either.  I personally don't like it because of its nature and I've never believed MS should control this stuff, though I loved it in SBS2003 which made me more money by reducing the rollout cost to my clients.  I am however excited for some reason to be a part of the IAG 2007 rollout that we're going to give a shot at.  I think I'll be a lot happier with the controls.

I do however have MS on the phone with my premier support agreement...and 6 hours later and he's just now seeing some corruption!!!  ISA isn't even picking up traffic on port 21...netmon is blank...ISA monitoring on 21 is empty...though it is producing logs on every other port???!!!???  So you can stick up for old ISA all you want, but I've got 500 users that lost most of the work day because of it.  I could have uninstalled it myself and done this in 2 hours if management would have let me without a 2nd opinion.  MS support said he's been with the ISA team and hasn't seen this since 2000, so EE would have been a long shot for me solving this one.

I'm just glad it's him rocking the ship today and not me...I'm ready to eat some turkey (o:

Thanks for trying anyway and have a great weekend!
inverted
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20331105
lol - I am a Cisco CCNP & CCDP as well as a Microsoft MVP for ISA Server so I like both products equally. I'm also on the IAG2007 Advisory Team so maybe you will meet me when I present on the Live meetings for the product.

When all is said and done though, if the ISA team have found corruption after 6 hours and are talking to you over the phone then yes, I'd agree, our corresponding would have taken quite a time....

Glad it is approaching resolution for you either way.

Cheers
Keith Alabaster
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20340060
Ty sir...

I'm sure I'll cya around, and thanks again.

inverted
0
 
LVL 2

Author Closing Comment

by:inverted_2000
ID: 31410201
A reinstallation was what had to be done to complete the task.  It wasn't that the help at EE couldn't have found the issue, it was just too time consuming for anyone to work with.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20395659
Oh yeah...and 1 last thing for anyone that might come across this article in the future.

Microsoft ISA engineers have confirmed that folder view and being able to write to external FTP sites is not supported in a "single" NIC configuration of the software.

Thanks everyone,
inverted
0


Question has a verified solution.
