Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1769
  • Last Modified:

Enabling FTPS/PORT990 on Cisco ASA

Im having a problem enabling FTPS/Port 990 on my Cisco ASA 5520
0
cisco_pro30
Asked:
cisco_pro30
1 Solution
 
cisco_pro30Author Commented:
Here is what my policy map has in it.  



!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect pptp
!
0
 
alienXenoCommented:
In plain FTP, the firewall can inspect the control channel and hence it knows the port details of the data channel that is going to get established from the ftp server to the client.

This will enable the firewall to automatically open the data channel ports.

In FTPS, even the control channel traffic is encrypted, so the firewall can no longer inspect the details exchanged over the control port and hence the data channel connection attempt will fail.


Also , check http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#q13
 

For this to work.

Create rules in your firewall as follows

 

1) Allow Any to FTPS server on port 990.

2) Allow FTPS Server port 989 to any.

 

This should allow the data channel tcp session to get established.
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now