Microsoft TMG 2006 - Allow FTP uploads

I am using TMG 2006 (EBS Edition). Trying to resolve the issue of not being able to upload the file(s). This feature is needed by a third-party application (browser is not being used directly).
I did some research and noticed that some of the features of FTP filter are missing in my version of TMG (Allow Active Mode - that is what this application uses). I only see Read Only which I disabled but it still doesn't work.
Upload from the third-party host works fine after configuring the rules.
IT-NYCAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pwindellCommented:
Install the TMG Client software on the user's machine

Running FTP over a Web Proxy Service will not do uploads no matter what you do. That is the way the industry standard is for a "web proxy service".

A SecureNAT Client can only use FTP if the Access Rule is anonymous.

So that leaves you with having the use the Winsock Proxy Service (aka the Firewall Service),...which requires the TMG Client (formerly the Firewall Client).

I don't know what to tell you about the alleged missing features in the FTP App Filter.  ISA2000-ISA2006 didn't care one way or the other about Active-Passive,..it would do whatever the client-side wanted to do.  TMG I think makes you jump through hoops to allow Active.

TMG initiates active FTP connections to external servers even though it's configured for passive FTP - a problem with FTP over HTTP
http://blogs.technet.com/b/nettracer/archive/2011/09/21/tmg-initiates-active-ftp-connections-to-external-servers-even-though-it-s-configured-for-passive-ftp-a-problem-with-ftp-over-http.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pwindellCommented:
When you run FTP through the Web Proxy Service you are not using the real FTP protocol,...you are using FTP-over-HTTP,...and that,...I believe is not capable of FTP uploads.  In order for an upload to happen it has to switch to the real FTP protocol.  The FTP Application Filter is only used for the real FTP Protocol.
0
Keith AlabasterEnterprise ArchitectCommented:
Yes, you can do an upload using ftp in the browser, for example    ftp://ftp.microsoft.com/  - the ability to drag and drop a file for upload will be down to the permissions and works in a sort of webdav-vy type way but Phil is correct that use of the FTMG client is the best approach.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

pwindellCommented:
Yes, you can do an upload using ftp in the browser, for example    ftp://ftp.microsoft.com/  

Yes, but I believe the browser switches to operating as a "Firewall Client" when you get to that point. In fact I believe it is no longer using Internet Explorer at that point but is actually using Windows Explorer (hence the drag and drop ability) which may even be leveraging the regular ftp.exe behind the scenes.  So, not a "web proxy" based ftp-over-http at that point.
0
IT-NYCAuthor Commented:
Thanks for your advice! I will be testing it as soon as I can
0
IT-NYCAuthor Commented:
Happy Holidays!
0
pwindellCommented:
Ho-Ho-Ho!
0
Keith AlabasterEnterprise ArchitectCommented:
Yeah - whay he said
0
pwindellCommented:
Keith,..I sent you a couple private emails,..no response.   Did they not get through?
0
Keith AlabasterEnterprise ArchitectCommented:
Hey Phil, I responded within the MVP griup thread. Wouldn't ignore you :(

No, not going to the summit - but thanks for offer.
0
pwindellCommented:
No problem :-)
0
IT-NYCAuthor Commented:
pwindell,
I scheduled to test your solution tomorrow. Will let you know how it went.
0
IT-NYCAuthor Commented:
Testing with Microsoft support. So far, it hasn't worked. They are involving the original TMG team.
0
pwindellCommented:
I'll probably be seeing some of the TMG Team at the end of Feb when I go out there.  If they don't figure it out maybe I can slap 'em around a bit for ya'   :-)

Let us know what they discover. It could be useful for us if someone else pops up with the same problem.
0
Keith AlabasterEnterprise ArchitectCommented:
Could be something we are not aware of - we know the TMG release for EBS is not the standard product - maybe it behaves a bit differently. As an aside, not sure there is much of the original ISA/TMG team left, most have moved on to other areas now :(
0
pwindellCommented:
Last I heard about the Summit it was basically,..."maybe they will be there, maybe they won't".  But that MVP mail list has been very silent, so I don't know what is really going on to be honest.
0
IT-NYCAuthor Commented:
Thanks, pwindell, and everyone else. MS support confirmed that it was not possible to do with the EBS TMG. I resolved it by moving away from it.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.