Elemental12
asked on
SFTP and Stateful Firewalls
Hi,
So I have an internal server that will be automatically grabbing files from an external FTP server via SFTP. It will be going through a stateful firewall. I was able to configure it with the help of a coworker, but I am trying to get an understanding of how a stateful firewall can cause difficulties in an SFTP connection. Is it dumb to say that SFTP = encrypted port 21 traffic? Any helpful explanation or URLs to resources would be appreciated. Google was not being very helpful.
Thanks
ASKER
I understood that part. I just need some background about its interaction with a stateful firewall, and some of the possible issues that can occur.
For clarity:
1. SFTP - simple file sharing protocol
2. sFTP - Secure File transfer protocol (Uses SSH/SCP commands)
3. FTPs - File transfer protocol over SSL (Uses FTP commands NO SSH here)
Now take a look here:
http://en.wikipedia.org/wiki/Stateful_firewall
This explains what the stateful firewall is and how it works. After taking the previously stated into consideration and the actual type of protocol you are using you can see where some packets would be filtered out. BUT this should affect any kind of unsecured traffic.
ASKER
Thank you for the article. So my question then becomes if a user names an sFTP connection outbound through the firewall, stateful inspection running on the firewall would require that the return traffic be on the exact same port number?
ASKER
Thank you very much, I appreciate the assistance.
Usually, SFTP uses SSH as an encrypted layer, which usually is on port 22.
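An added illustration, not part of any post in this thread, of the connection tracking asked about above: a toy stateful firewall in Python that admits inbound packets only when they mirror the addresses and ports of a flow opened from the inside. The class, the addresses and every port number other than 22 are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only on the first packet of a new TCP connection

class StatefulFirewall:
    """Toy tracker: allowed outbound SYNs create state, inbound must match it."""
    def __init__(self, allowed_outbound_ports):
        self.allowed = set(allowed_outbound_ports)
        self.state = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def outbound(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow in self.state:
            return "ALLOW established"
        if p.syn and p.dport in self.allowed:
            self.state.add(flow)  # remember the exact 4-tuple of this connection
            return "ALLOW new"
        return "DROP"

    def inbound(self, p):
        # Return traffic is the tracked flow with source and destination swapped.
        flow = (p.dst, p.dport, p.src, p.sport)
        return "ALLOW established" if flow in self.state else "DROP"

def demo():
    fw = StatefulFirewall(allowed_outbound_ports={22})
    client, server = "10.0.0.5", "203.0.113.10"  # constructed addresses
    return [
        # SFTP session: one TCP connection, ephemeral client port -> server port 22.
        fw.outbound(Packet(client, 50000, server, 22, syn=True)),
        # Server replies from port 22 to that same client port: state matches.
        fw.inbound(Packet(server, 22, client, 50000)),
        # File data rides inside the same SSH connection, so it matches too.
        fw.outbound(Packet(client, 50000, server, 22)),
        # New inbound connection from the server on other ports: no state entry.
        fw.inbound(Packet(server, 20, client, 50001, syn=True)),
        # Port 22 on the server, but a client port that never opened a flow.
        fw.inbound(Packet(server, 22, client, 50002)),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```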