Hi Tom, Thanks for the reply. Sorry, when I said 'open ports', I was referring to server publishing the ports (say 2000-2010). So you are saying if I server publish the FTP server, FTP clients using PASV mode can initiate the connection to data port on the server without ISA blocking the incoming traffic? Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: http://www.ISAserver.org Hi Tim, How do you "open ports" on the ISA firewall? There is no open port button. Why not just server publish the FTP server? Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls --------------------------------- From: tim S [mailto:tim724342@xxxxxxxxx] Sent: Wednesday, January 12, 2005 8:57 AM To: [ISAserver.org Discussion List] Subject: [isalist] Allowing passive mode FTP through ISA http://www.ISAserver.org I am trying to do this in a secure way. I have ISA2000 and an IIS6.0 FTP server published behind ISA with web publishing rule. Recently, one of our client started to use FTP clients in passive mode only. This mean I will have to open up inbound ports >1024 for the internal FTP server. This is, as you know, a big security risk. I would really really appreciate if anyone has a workaround and/or suggestion. Thanks --------------------------------- Do you Yahoo!? All your favorites on one personal page ? Try My Yahoo! ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tim724342@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx --------------------------------- Do you Yahoo!? Yahoo! Mail - You care about security. So do we.