Information Services asked:

MS TMG 10 and Secure FTP

We recently moved from Microsoft's firewall product - ISA 2004 to Threat Management Gateway 2010. We did so to address some issues with SSL certificates on our mail server.
We did not realize it at first, but MS TMG 2010 no longer supports Secure FTP - something about its inability to verify data transmitted through the alternate channel that Secure FTP opens up.
We were told there were workarounds, but we've not found any that work. Does anyone have a workaround for Secure FTP on MS Threat Management Gateway 2010? Any help is greatly appreciated!
btan

I believe you are looking for this extract from MS, quoted below:

Secure FTP support

Issue: Forefront TMG does not support secure File Transfer Protocol (FTP).

Cause: Secure FTP uses an encrypted control channel between the FTP client and server. After the FTP client and server establish an encrypted control channel, the Forefront TMG FTP filter cannot see the FTP commands and so cannot create the dynamic policy changes that are necessary to fully support FTP communications.

Solution: There is an unsupported workaround available that allows you to publish secure FTP. For more information, see Publishing Secure FTP Servers behind ISA Firewalls at the ISAserver.org Web site (http://go.microsoft.com/fwlink/?linkid=51105).

See this link below on "Part Three: Publish a Secure FTP Server Behind the ISA Firewall"
http://www.isaserver.org/articles-tutorials/configuration-general/Publishing-Secure-FTP-Servers.html

I would also suggest the articles below, and note that the traffic is encrypted and still not inspected, whether in ISA or TMG, if I understand correctly. Minimally, it does allow it through.

Enabling Secure FTP Access Through ISA 2006 Firewalls (Part 1 and 2)

http://www.isaserver.org/articles-tutorials/configuration-security/Enabling-Secure-FTP-Access-Through-ISA-2006-Firewalls-Part1.html

http://www.isaserver.org/articles-tutorials/configuration-security/Enabling-Secure-FTP-Access-Through-ISA-2006-Firewalls-Part2.html
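
Added example, not part of the original thread or of the Microsoft text quoted in it: a minimal Python model of what an FTP-aware filter does on the control channel (it learns the data endpoint from PORT commands and 227 replies) and why it learns nothing once the server accepts AUTH TLS. The function names and sample sessions are constructed for illustration, and "Secure FTP" is assumed to mean FTP over TLS negotiated with AUTH TLS.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried in PORT commands and 227 (PASV) replies.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(text):
    """Return (ip, port) from a PORT argument or 227 reply, or None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def track(session):
    """Model an FTP-aware filter watching one control connection.

    session: list of (sender, line), sender "C" or "S". Returns
    (pinholes, blind): the data endpoints the filter learned, and whether
    the control channel became encrypted and unreadable to it.
    """
    pinholes, auth_pending, blind = [], False, False
    for sender, line in session:
        if blind:
            continue  # only TLS records on the wire: nothing to parse
        word = line.split(" ", 1)[0].upper()
        if sender == "C" and word == "AUTH":
            auth_pending = True
        elif sender == "S" and auth_pending:
            blind = word == "234"  # 234 = server accepted the TLS request
            auth_pending = False
        elif (sender == "C" and word == "PORT") or (sender == "S" and word == "227"):
            ep = data_endpoint(line[len(word):])
            if ep:
                pinholes.append(ep)
    return pinholes, blind

# Constructed sample sessions (192.0.2.10 is a documentation address).
PLAIN = [("S", "220 ready"), ("C", "USER demo"), ("S", "331 need password"),
         ("C", "PASV"), ("S", "227 Entering Passive Mode (192,0,2,10,195,80)")]
# Lines after the 234 are what the endpoints exchange inside TLS; a filter
# sitting on the wire cannot read them.
FTPS = [("S", "220 ready"), ("C", "AUTH TLS"), ("S", "234 proceed"),
        ("C", "PASV"), ("S", "227 Entering Passive Mode (192,0,2,10,195,80)")]

if __name__ == "__main__":
    print(track(PLAIN))  # filter learns the passive data endpoint
    print(track(FTPS))   # filter learns nothing, so no dynamic rule is created
```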
Information Services (ASKER)

breadtan,
We have tried the workaround to no avail. We are at TMG 2010 and not 2006. In your opinion, would that be why the workaround doesn't appear to work for us?