Perkdaddy

ISA Blocking FTP and uploads

I have a strange problem with ISA 2004. Even though the FTP firewall rule is turned on, allowing FTP traffic from Internal to External networks, it's still blocking all file uploads and FTP. I'm the head of web design in this company and FileZilla and Macromedia are key to my work; how do I enable FTP upload and download? Right now FileZilla and Macromedia are just timing out on connection with the website/websites. I need to find a way around this issue. Our network admin has been, ahem, relieved, so it's up to me to solve this issue.

Any answers?
tankergoblin

I thought a firewall that is turned on is there to restrict package transmission from one point to another.
Try to turn off the firewall.
ASKER

I can't turn off ISA, I need to configure the rule around ISA...
Did you receive any error message?
Try to disable read-only mode on your ISA Server 2004 console.
The rule is working, except that I keep getting a failed connection attempt in the real-time log (ISA). The rule says "allowed" but then the connection times out. FileZilla just keeps trying and trying... Another strange thing is that the log has 0 bytes sent or received, which is very strange... It might point to a local client firewall problem?
Did you touch the setting of ISA Server 2004?
No, not until I found out I had this problem. Now I've been trying to get it working. Even when I opened the flood gates it still times out. I will ask my hosting provider if they have any ideas.
Keith Alabaster
Right-click the rule that covers your FTP. Select Configure FTP - untick the read-only box - apply the policy.
Also - are you allowing All Users on the FTP rule or trying to control it through an AD group or something?
Sorry, I'm back from a long business trip.

Here is the problem: the FTP rule is created automatically by ISA 2004. I cannot FTP any of my websites or even upload videos onto YouTube or anything like that. It seems in general uploads have been disabled except for a few cases here and there. There is nothing in my AD to discriminate user uploads or FTP. I have a network monitor (GFI web monitor) program that gives me the option to block uploads but that is turned off and always has been.

The strange thing is the firewall logs say 'allowed' but the connection continues to time out. Could it be something in my user rights? I have SBS, so any help to track down the culprit is highly appreciated.
No problem - I'll abort my interest in this question and let whoever takes it on instead continue with it.
ASKER CERTIFIED SOLUTION
giltjr
This solution is only available to members.
Use the live query in ISA to see what is happening to the connections. Make sure your client is set to PASV and the ISA client is installed and connected to ISA on your workstation.
ISA has a filter that you can bring up when you double click on the protocol in the rule. See the screenshot.
Make sure that Read Only is not checked.

Philip
09-04-25-ISA-FTP-Filter.PNG
Yes, this is how I started to identify the problem: the 'live' log in ISA shows the FTP rule being authenticated and allowing the connection to take place, but the connection times out. FTP downloads are perfect on the user station but not the server. I will try the packet analyzer to track down the culprit but it should be only one of 4 'exit points'. 2 of these points I have no idea how to test for without breaking the law ;). I'm kidding, but how to check router packets and ISP packets?

1. workstation
2. Server
3. Router/modem
4. ISP
What type of router/modem is it and do you own/manage it?

To make sure I understand this:

1) From workstations you can download.
2) From workstations you can NOT upload.
3) From the server you can NOT upload or download.

Are all of these statements true?



I assume you have included localhost in the from section?
Giltjr, yes, your statement is correct.

I manage 2 Linksys ADSL2 gateways in bridged mode being controlled by a Linksys RV-042 VPN router. But this has something to do with ISA for sure.


Keith, I will check, you might be right...
There are 3 FTP rules. I have attached screenshots below... Have a look and tell me what to change, please.
ftp.JPG
ftp2.JPG
I'm not an ISA expert, but the way I am interpreting the error you are getting, the rule "SBS FTP Outbound Access Rule" seems to be blocking the connection attempt. Although based on the 1st screenshot it seems to me that the 1st rule would also allow FTP inbound and outbound.

Is there anything worthwhile in the "Additional Information"?
No, not at all...
Can someone remote my server? And configure? Payment negotiable, sorry admins, but I need this fixed...
Thank you MPECSinc. I will redo my settings...
Still nothing. I defaulted the settings and ensured that "read only" was unchecked as this blocks FTP uploads and downloads. What to do next experts?
Temporarily, can you set up a "permit" all rule to that specific single host and see if you can FTP to it with that?
OK, will do.
I opened the flood gates and I keep getting either of these errors:
(both time out)
Failed Connection Attempt SERVER1 15/05/2009 3:30:37 PM
Log type: Firewall service
Status: A connection was dropped because there are too many pending connection requests.
Rule: SBS Internet Access Rule
Source: Internal ( 192.168.17.48:3874)
Destination: External (g2u0854c.austin.hp.com 15.217.49.75:21)

OR

Failed Connection Attempt SERVER1 15/05/2009 3:30:41 PM
Log type: Firewall service
Status: A socket operation was attempted to an unreachable host.  
Rule: SBS Internet Access Rule
Source: Internal ( 192.168.17.48:3855)
Destination: External (g2u0854c.austin.hp.com 15.217.49.75:21)
Protocol: FTP
User: GETEG\XXXXXXXXXXXXXXXX
Also I stopped the connection attempt, but my local host external NIC keeps trying to connect anyways, on hundreds of different ports with the same errors above...
It sounds almost as if something else is blocking access to that remote host or somehow you do not have a default route/gateway set up on the ISA box.
I have the default route set up or I would never have clients connect to the net. It does seem something else is blocking it, maybe GFI webmonitor??? It really shouldn't be the case. This is really getting out of hand, I will do the worst, I will uninstall ISA and see what happens...
Problem not solved behind server, in front of server is 100%, this is an ISA issue. I will remove this firewall as no solution could be obtained.
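
Added example, not part of the original thread or any participant's post: a small Python script that parses firewall log entries pasted in the layout shown earlier in this thread and groups the failures by rule and destination, so it is easy to see whether every failure is against the FTP control port (21) and how many client source ports were tried. The sample entries, host names and addresses in it are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the pasted entries (all values made up).
SAMPLE = """\
Failed Connection Attempt FW1 01/01/2009 3:30:37 PM
Log type: Firewall service
Status: A connection was dropped because there are too many pending connection requests.
Rule: Example Access Rule
Source: Internal ( 192.0.2.48:3874)
Destination: External (ftp.example.test 198.51.100.75:21)
OR
Failed Connection Attempt FW1 01/01/2009 3:30:41 PM
Status: A socket operation was attempted to an unreachable host.
Rule: Example Access Rule
Source: Internal ( 192.0.2.48:3855)
Destination: External (ftp.example.test 198.51.100.75:21)
"""
FIELD = re.compile(r"^([A-Za-z ]+):\s*(.*?)\s*$")
ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)\s*$")

def parse_entries(text):
    """Any line that is not 'Key: value' starts a new entry; keep those with a Status."""
    entries, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
        elif line and not m:
            current = {"header": line}
            entries.append(current)
    return [e for e in entries if "Status" in e]

def summarize(entries):
    """Group by (rule, destination ip:port); collect statuses and client source ports."""
    groups = defaultdict(lambda: {"count": 0, "statuses": set(), "src_ports": set()})
    for e in entries:
        dst = ENDPOINT.search(e.get("Destination", ""))
        src = ENDPOINT.search(e.get("Source", ""))
        g = groups[(e.get("Rule", "?"), ":".join(dst.groups()) if dst else "?")]
        g["count"] += 1
        g["statuses"].add(e["Status"])
        if src:
            g["src_ports"].add(int(src.group(2)))
    return dict(groups)

if __name__ == "__main__":
    for (rule, dst), g in summarize(parse_entries(SAMPLE)).items():
        print(f"{rule} -> {dst}: {g['count']} failures, {len(g['src_ports'])} source ports")
```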