ISA 2004 Outbound FTP
  • ISA 2004 Outbound FTP

    Hi there,

    I have a multi-homed ISA 2004 server. The clients on the inside of the firewall are unable to connect to external FTP sites. When the users browse to the FTP sites it connects; however, it doesn't come back and ask for their usernames and passwords, which seems to me like there are certain data packets that aren't allowed back in through ISA. Does anyone have any ideas on how to fix this? Any how-tos or step-by-step guides to fix this problem?

    Cheers

  • #2
    Re: ISA 2004 Outbound FTP

    Did you right-click the FTP protocol in the rulebase -> Configure FTP and uncheck the read-only FTP?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: ISA 2004 Outbound FTP

      FTP sends commands over the Telnet port (21) and sends data over FTP port 23, right? You might need to make a rule that includes port 21.
      A+, Network+, Security+
      MCSE+Security on Server 2003



      • #4
        Re: ISA 2004 Outbound FTP

        No, that's not true; it uses ports 20 and 21.
        Port 23 is telnet.

        Also, did you try to go over passive FTP?
        Marcel



        • #5
          Re: ISA 2004 Outbound FTP

          Yeah, I have tried using passive FTP and standard, and have tried disabling the Read Only part of the FTP.
          Strange thing is that when the data is coming back in it creates an "unidentified IP traffic" entry on the ISA server logs?



          • #6
            Re: ISA 2004 Outbound FTP

            I recently had a similar issue where ISA would not allow outbound FTP even though I had a rule to allow this.

            After checking the logging for ISA I noticed that the "SBS Internet Access Rule", which was added by default, was blocking these connections.

            To resolve this I deleted the "SBS Internet Access Rule" and recreated a rule for all outbound traffic to be allowed from the internal network. This is a similar rule to the "SBS Internet Access Rule" except that the default rule had traffic from "All Protected networks" not the internal network.

            This fixed the issue for me. Hope you have similar luck.
            Last edited by Cogent; 15th July 2006, 10:28.



            • #7
              Re: ISA 2004 Outbound FTP

              Hi Guys
              It looks like when you open ports 21 and 20 for FTP, OK, ISA will accept it and let you get through.
              But how can the FTP server outside connect back to the client through ISA, and on what port? So you need to specify rules for this.
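
Added example, not part of any post in this thread: the data connection the thread is asking about is negotiated on the control channel (port 21) with a `PORT` command in active mode or a `227` reply in passive mode, and an FTP-aware firewall filter has to read that exchange to know which connection to allow. The sketch below derives the expected data flow from control-channel lines; the function names and the sample addresses and lines are constructed for illustration.

```python
import re

# RFC 959 host-port argument: h1,h2,h3,h4,p1,p2 (six decimal octets).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed control-channel lines (documentation/private addresses).
SAMPLE_CONTROL_LINES = [
    "220 FTP server ready.",
    "PORT 10,0,0,5,19,137",                               # client -> server, active mode
    "227 Entering Passive Mode (203,0,113,7,195,80).",    # server -> client, passive mode
]

def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"
    elif line.startswith("227"):
        mode = "passive"
    else:
        return None
    match = _HOSTPORT.search(line)
    if not match:
        return None
    octets = [int(x) for x in match.groups()]
    if any(o > 255 for o in octets):
        return None  # malformed host-port argument
    ip = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]  # port = p1 * 256 + p2
    return mode, ip, port

def expected_data_flows(control_lines, client_ip, server_ip):
    """List the data connections a firewall must permit for this session."""
    flows = []
    for line in control_lines:
        endpoint = data_endpoint(line)
        if endpoint is None:
            continue
        mode, ip, port = endpoint
        if mode == "active":
            # Server opens the connection, from its data port (20), inbound to the client.
            flows.append((mode, server_ip, 20, ip, port))
        else:
            # Client opens the connection, outbound from an ephemeral port (None).
            flows.append((mode, client_ip, None, ip, port))
    return flows

if __name__ == "__main__":
    for flow in expected_data_flows(SAMPLE_CONTROL_LINES, "10.0.0.5", "203.0.113.7"):
        print(flow)
```

In active mode the data connection arrives inbound at a port chosen by the client, which is why a static outbound rule for ports 20 and 21 alone does not cover it.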
