RE: Allowing passive mode FTP through ISA

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 12 Jan 2005 09:28:16 -0600

Hi Tim,
 
The FTP filter on the ISA firewall supports both active and PASV mode
FTP connections.
 
HTH,
 
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder> 
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 

________________________________

From: tim S [mailto:tim724342@xxxxxxxxx] 
Sent: Wednesday, January 12, 2005 9:26 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Allowing passive mode FTP through ISA


http://www.ISAserver.org 
Hi Tom,
 
Thanks for the reply.  Sorry, when I said 'open ports', I was referring
to server publishing the ports (say 2000-2010).  So you are saying if I
server publish the FTP server, FTP clients using PASV mode can initiate
the connection to data port on the server without ISA blocking the
incoming traffic?   

Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:

        http://www.ISAserver.org
        
        Hi Tim,
         
        How do you "open ports" on the ISA firewall? There is no open
port button.
         
        Why not just server publish the FTP server?
         
        Tom
        www.isaserver.org/shinder <http://www.isaserver.org/shinder> 
        Tom and Deb Shinder's Configuring ISA Server 2004
        http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
        MVP -- ISA Firewalls

         

________________________________

        From: tim S [mailto:tim724342@xxxxxxxxx] 
        Sent: Wednesday, January 12, 2005 8:57 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Allowing passive mode FTP through ISA
        
        
        http://www.ISAserver.org 
        I am trying to do this in a secure way.  I have ISA2000 and an
IIS6.0 FTP server  published behind ISA with web publishing rule.
Recently, one of our client started to use FTP clients in passive mode
only.  This mean I will have to open up inbound ports >1024 for the
internal FTP server.  This is, as you know, a big security risk.  I
would really really appreciate if anyone has a workaround and/or
suggestion.
         
        Thanks

        
________________________________

        Do you Yahoo!?
        All your favorites on one personal page - Try My Yahoo!
<http://my.yahoo.com/>
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Other Internet
Software Marketing Sites: World of Windows Networking:
http://www.windowsnetworking.com Leading Network Software Directory:
http://www.serverfiles.com No.1 Exchange Server Resource Site:
http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to
listadmin@xxxxxxxxxxxxx
------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        World of Windows Networking: http://www.windowsnetworking.com
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tim724342@xxxxxxxxx
        To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        Report abuse to listadmin@xxxxxxxxxxxxx 

________________________________

Do you Yahoo!?
Yahoo! Mail
<http://us.rd.yahoo.com/mail_us/taglines/security/*http://promotions.yah
oo.com/new_mail/static/protection.html>  - You care about security. So
do we. ------------------------------------------------------ List
Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Other Internet
Software Marketing Sites: World of Windows Networking:
http://www.windowsnetworking.com Leading Network Software Directory:
http://www.serverfiles.com No.1 Exchange Server Resource Site:
http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to
listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 01-2005