FTP question


L0 Member

Greetings,

I am trialing a WING FTP server here at the office. FTP and HTTPS work fine to the server from a FileZilla client. I have an SSL certificate loaded onto the server for FTPS/HTTPS. When I try to connect to the server via FTPS (port 990), the client connects but gets stuck at listing the directory contents. The FileZilla client hangs at the command: MLSD. Eventually, it times out.

I confirmed that FTPS works on my LAN, so I am focusing on the firewall. I do not see any Threat attempts that may have been dropped except for a few previous attempts at an SSH (SFTP) connection I tried.

Any thoughts?

P.S. An SSH connection works to this server from the outside, as well. So it looks like the only issue is with FTP over SSL.

Thanks, Mike

4 REPLIES 4

L4 Transporter

Hi,

May I know how you apply your policy for SSH traffic to your server? Have you tried to allow SSH traffic to and from your SFTP server?

Regards,

Jones

I have a new rule for this testing configured as follows:

Source Zone: Untrust
Source Address: Any
Source User: Any

Destination Zone: Trust
Destination Address: My FTP's Nat Address

Application: Any
Service(s):
-Custom FTP(port 31)
-Custom FTPS(port 990)
-Custom SFTP(port 32)
Service-HTTP
Service-HTTPS

Profiles: Only blocking for viruses and spyware. Everything else open.
Sessions sent at END only.

I have a production Microsoft FTP server on the same server as the WING.  The MS FTP is only listening on port 21, hence the custom ports of 31/32.  The MS FTP works fine from both outside and inside the LAN.

There is a test Outbound rule for this server but I have never seen it used yet.

[See attached screenshot.]

@mwaters31:

Are you seeing any drops in the traffic logs?

If not, and since you are not seeing the traffic match your security rule, I am going to assume that the implicit deny rule is dropping your traffic. This would mean that some of the parameters of the traffic do not conform with the security policy. I suggest performing a packet capture from the FTP client and server to determine where your security policy is not matching the actual traffic.

-Benjamin
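
Added example, not part of the original thread: a Python sketch of the comparison suggested above, checking the data-channel endpoint the server announces before MLSD against the rule posted earlier. The reply lines come from the FTP client's log, because on FTPS a capture shows the control channel only as ciphertext; the sample replies, the addresses and the ports assumed for Service-HTTP/Service-HTTPS are constructed for illustration.

```python
import ipaddress
import re

# Destination ports from the rule posted in the thread: custom FTP 31, SFTP 32,
# FTPS 990. Ports 80/8080/443 for Service-HTTP/Service-HTTPS are assumptions.
RULE_PORTS = {31, 32, 990, 80, 8080, 443}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"229 .*?\(\|\|\|(\d+)\|\)")

def parse_data_endpoint(reply, control_ip):
    """Return (ip, port) announced by a 227 (PASV) or 229 (EPSV) reply."""
    m = PASV_RE.search(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            raise ValueError("octet out of range in 227 reply")
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.search(reply)
    if m:
        # EPSV carries only a port; the data channel reuses the control address.
        return control_ip, int(m.group(1))
    raise ValueError("not a 227/229 reply")

def check_reply(reply, control_ip, allowed_ports=RULE_PORTS):
    """Compare the announced data endpoint with what the rule would match."""
    ip, port = parse_data_endpoint(reply, control_ip)
    findings = []
    if ip != control_ip:
        addr = ipaddress.ip_address(ip)
        kind = "RFC 1918" if any(addr in n for n in RFC1918) else "different"
        findings.append(f"server announces {kind} address {ip}, "
                        f"but the client connected to {control_ip}")
    if port not in allowed_ports:
        findings.append(f"data port {port} is not a destination port in the rule")
    return ip, port, findings

if __name__ == "__main__":
    nat_ip = "203.0.113.10"  # constructed stand-in for the server's NAT address
    log = [                  # constructed client-log lines
        "Response: 227 Entering Passive Mode (192,168,1,20,195,80)",
        "Response: 229 Entering Extended Passive Mode (|||50000|)",
    ]
    for line in log:
        print(line, "->", check_reply(line, nat_ip))
```

Any finding means the data connection opened for MLSD targets an address or port the posted rule does not list.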

It actually ended up being a problem with the configuration of their server.  It works fine now.  Thanks for checking in.

Mike
