Thanks Stefaan! I'll give 'er a whirl. t From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Stefaan Pouseele Sent: Saturday, April 12, 2008 3:15 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: FTPS / Secondary Connections Hi Thor, For outbound FTPS access, check out http://blogs.isaserver.org/pouseele/2006/10/08/solving-the-secure-ftp-di lemma-with-isa-server-2004-and-2006/. For inbound FTPS access, check out http://www.isaserver.org/tutorials/Publishing-Secure-FTP-Servers.html. Though not officially supported by MSFT, FTPS seems to work for a lot of ISA users. ;-) HTH, Stefaan From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: vrijdag 11 april 2008 23:14 To: isapros@xxxxxxxxxxxxx Subject: [isapros] FTPS / Secondary Connections So, you can't publish IIS7 FTPS through ISA because the FTP Access filter gives an Access Denied as soon as one tries an AUTH SSL (obviously). Since the FTP Access filter is responsible for dynamically configuring/allowing secondary port access, you can't turn it off either. So, if once makes their own protocol to specify FTPS (TCP 21 inbound, not 991 btw) with a large secondary outbound connection range, ISA fails with a "unknown protocol" on the outbound secondary connection. Is there some magic to making ISA recognize secondary outbound connections for PASV FTP connection within the publishing rule? t