RE: Allowing passive mode FTP through ISA

  • From: tim S <tim724342@xxxxxxxxx>
  • To: "\[ISAserver.org Discussion List\]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 12 Jan 2005 07:25:35 -0800 (PST)

Hi Tom,
 
Thanks for the reply.  Sorry, when I said 'open ports', I was referring to 
server publishing the ports (say 2000-2010).  So you are saying if I server 
publish the FTP server, FTP clients using PASV mode can initiate the connection 
to data port on the server without ISA blocking the incoming traffic?   

Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
http://www.ISAserver.org
Hi Tim,
 
How do you "open ports" on the ISA firewall? There is no open port button.
 
Why not just server publish the FTP server?
 

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
 


---------------------------------
From: tim S [mailto:tim724342@xxxxxxxxx] 
Sent: Wednesday, January 12, 2005 8:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Allowing passive mode FTP through ISA



http://www.ISAserver.org I am trying to do this in a secure way.  I have 
ISA2000 and an IIS6.0 FTP server  published behind ISA with web publishing 
rule.  Recently, one of our client started to use FTP clients in passive mode 
only.  This mean I will have to open up inbound ports >1024 for the internal 
FTP server.  This is, as you know, a big security risk.  I would really really 
appreciate if anyone has a workaround and/or suggestion.
 
Thanks


---------------------------------
Do you Yahoo!?
All your favorites on one personal page ? Try My Yahoo! 
------------------------------------------------------ List Archives: 
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: 
http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: 
http://www.isaserver.org/pages/larticle.asp?type=FAQ 
------------------------------------------------------ Other Internet Software 
Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com 
Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange 
Server Resource Site: http://www.msexchange.org Windows Security Resource Site: 
http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ 
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com 
------------------------------------------------------ You are currently 
subscribed to this ISAserver.org Discussion List as: 
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
http://www.webelists.com/cgi/lyris.pl?enter=isalist
 Report abuse to listadmin@xxxxxxxxxxxxx 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
tim724342@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 
                
---------------------------------
Do you Yahoo!?
 Yahoo! Mail - You care about security. So do we.

Other related posts: