Actually, ISA can be an FTP proxy, but only for download functionality. The web proxy doesn't "do" FTP "put". If you want to publish FTP and have full functionality, you need to use server publishing, which doesn't "proxy". Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Steve Calderoni" <scalderoni@xxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, August 23, 2001 10:00 AM Subject: [isalist] Re: FTP. Man I am feeling dumb! http://www.ISAserver.org Ok, That article makes sense. In that scenario the proxy server would replace the existence of a NAT router. Trying to avoid that too. Is it a correct statement that MS ISA has no ability to be a FTP proxy? All the clients I have downloaded for test have Proxy options and can connect to the ISA server. The request is simply ignored by the ISA server. Not even logged. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, August 23, 2001 9:28 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: FTP. Man I am feeling dumb! http://www.ISAserver.org I love bouncing facial hair... ;-) Take a read here for the details of your dilemma: http://www.isaserver.org/pages/tutorials/isanetworks.htm Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Steve Calderoni" <scalderoni@xxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, August 23, 2001 7:55 AM Subject: [isalist] Re: FTP. Man I am feeling dumb! http://www.ISAserver.org Name resolution is enabled internally for external address. You did just raise my eyebrow though. I think I have been asking the wrong question. You see the ISA server and the test workstations are in different subnets. Example: Workstation config: IP: 10.20.30.5 Mask: 255.255.255.0 Gateway: 10.20.30.1 ISA config: IP: 10.20.40.2 Mask: 255.255.255.0 Gateway: 10.20.40.1 At home I simply specify the ISA server as my gateway and all is happy as a SecureNAT and Proxy without client. What would be the config to allow systems in different subnets that are on different switches to allow them to use the SecureNAT feature? Do I need to add a special route for external addressing? -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, August 23, 2001 8:43 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: FTP. Man I am feeling dumb! http://www.ISAserver.org If you're not using the FW client, the client machine has to be a secureNAT client and you just point the FTP app to the destination server. Name resolution has to be functional internally, though. Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Steve Calderoni" <scalderoni@xxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, August 23, 2001 7:06 AM Subject: [isalist] Re: FTP. Man I am feeling dumb! http://www.ISAserver.org Just re-asking the question in case someone might have the answer: If you don't want to use the firewall client what is the basic configuration for an FTP client such as WS-FTP32 Pro or CuteFTP? I can't get any FTP clients except a browser to work. Any advice is appreciated. Thanks -----Original Message----- From: Greg Foulks [mailto:greg.foulks@xxxxxxxx] Sent: Wednesday, August 22, 2001 8:42 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: FTP. Man I am feeling dumb! http://www.ISAserver.org I believe that if you are using the Firewall Client... you shouldn't have to make any proxy setting changes in your FTP client. The Firewall Client should take care of everything for you... I run the Firewall Client and have not had to make any FTP client configuration changes. Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: greg.foulks@xxxxxxxx Voice: 614.318.5036 Fax: 614.318.5005 -----Original Message----- From: Steve Calderoni [mailto:scalderoni@xxxxxxxxxxxxx] Sent: Wednesday, August 22, 2001 10:26 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: FTP. Man I am feeling dumb! http://www.ISAserver.org I guess my question is more client oriented. If I go to ftp://ftp.mcafee.com in Internet Explorer or Netscape it works. I can get dir listings and download files. When I use WS-FTP32 or CuteFTP, however, the client connects to the server (in this case 10.20.30.20:8080) and then stops with a message that says "Socket connected. Waiting for welcome message". The client then times out and fails the connection. Within the clients there are numerous settings for firewall and proxy. There are "SITE hostname", "Transparent", "USER with no logon", "Proxy OPEN" and "USER remoteID@remoteHost fireID," just to name a few. What is the configuration of the client to allow it to work through a proxy? Under IE I had to change the browser to communicate in PORT mode rather than PASV. Since the browser works I am inclined to believe that the server is configured properly. It is the client config that is killing me. Thanks -----Original Message----- From: jay vaughan [mailto:jay@xxxxxxxxxx] Sent: Tuesday, August 21, 2001 5:03 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: FTP. Man I am feeling dumb! http://www.ISAserver.org >http://www.ISAserver.org >What do I have to set up on the ISA server side to allow clients such as >WC-FTP32 and CuteFTP to work through it? What are the settings for the >client? Proxy OPEN? On the ISA side I have (well I think I have) enabled >FTP. Even set up a Proto Def that has a secondary of port 20. I have two >servers I am testing with. One is Integrated and one is Cache Mode. I know >(to an extent) that FTP works as far as the server is concerned because I >can FTP through IE 5.5 and 6.0. FTP uses two well known ports (services): ports 20, and 21. One is used for 'control', and the other is used for 'transfer' - if you can get into an FTP site and issue commands to view directory listings, etc, but are unable to download/upload, it's usually because the 'transfer' channel is blocked by a firewall. Add a protocol rule that allows FTP, using the default ISA protocol definitions for FTP. I wouldn't advise setting up an IP filter - just use the built-in protocol definitions to allow FTP transfers. -- j. -- jv - Jay Vaughan - seclorum@xxxxxxx - jay@xxxxxxxxxx ~... threads rolling, keep the threads rolling ...~ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: scalderoni@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg.foulks@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: scalderoni@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: scalderoni@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: scalderoni@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')