This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

FTP question

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

FTP question

migration
L0 Member

‎09-26-2011 12:36 PM

Greetings,

I am trialing a WING FTP server here at the office.  FTP and HTTPS work fine to the server from a FileZilla client.  I have an SSL certificate loaded onto the server for FTPS/HTTPS.  When I try to connect to the server via FTPS (port 990), the client connects but gets stuch at listing the directory contents.  The FileZilla client hangs at the command : MLSD.  Eventually, it times out.

I confirmed that FTPS works on my LAN so I am focusing on the firewall.  I do not see any Threat attempts that may have been dropped except for a few previous attempts at an SSH  (SFTP) connection I tried.

Any thoughts?

P.S.> an SSH connection works to this server from the outside,as well.  So it looks like the only issue is with FTP over SSL.

Thanks, Mike

0 Likes Likes
4 REPLIES 4

jleung
L4 Transporter

‎09-27-2011 09:22 AM

Hi,

May I know how you apply your policy for SSH traffic to your server? Have you tried to allow SSH traffic to and from your SFTP server?

Regards,

Jones

0 Likes Likes

migration
L0 Member
In response to jleung

‎09-27-2011 10:05 AM

I have a new rule for this testing configured as follows:

Source Zone: Untrust
Source Address: Any
Source User: Any

Destination Zone: Trust
Destination Address: My FTP's Nat Address

Application: Any
Service(s):
-Custom FTP(port 31)
-Custom FTPS(port 990)
-Custom SFTP(port 32)
Service-HTTP
Service-HTTPS

Profiles: Only blocking for Virus' and Spyware.  Everything else open.
Sessions sent at END only.

I have a production Microsoft FTP server on the same server as the WING.  The MS FTP is only listening on port 21, hence the custom ports of 31/32.  The MS FTP works fine from both outside and inside the LAN.

There is a test Outbound rule for this server but I have never seen it used yet.

[See attached screenshot.]

Preview file
26 KB
0 Likes Likes

bpappas
L6 Presenter
In response to migration

‎11-09-2011 12:23 AM

@mwaters31:

are you seeing any drops in the traffic logs?

if not and since you are not seeing the traffic match your security rule I am going to assume that the implicit deny rule is dropping your traffic. This would mean that some of the parameters of the traffic do not conform with the security policy. I suggest performing a packet capture from the ftp client and server to determine where your security policy is not matching the actual traffic.

-Benjamin

0 Likes Likes

migration
L0 Member
In response to bpappas

‎11-09-2011 07:54 AM

It actually ended up being a problem with the configuration of their server.  It works fine now.  Thanks for checking in.

Mike

0 Likes Likes
  • 4079 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks