[isalist] FTP Oddity over TMG

  • From: Rob Moore <RMoore@xxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 14 May 2010 08:32:52 -0400

OK, here's an odd one for you.

I've almost completed my transition from ISA 2006 to TMG. Yesterday I 
reconfigured DHCP so that all my clients started using TMG as their default 
gateway. We then discovered a problem. One of the users needed to FTP a file to 
someplace offsite. Something he does regularly to this site. (I hadn't 
discovered this problem because those of us testing the firewall don't use FTP 
much.) His FTP failed when using Windows Explorer to do the FTPing. I tried 
replicating the problem from the command line, while monitoring the activity 
from TMG. My FTP also failed. The command line returned this error:
502 Active FTP not allowed.
550 Access is denied.

However, TMG returned no errors at all.

After a while, I hit upon the FTP filter. It has a checkbox that is checked by 
default that is labeled "Read Only" and says "When Read Only is selected, FTP 
uploads will be blocked." I unchecked that box and tried again. The upload from 
the command line failed again, with a slightly different error:
502 Active FTP not allowed.
550 No port specified.

Again, no errors reported by TMG.

However, the FTP now works from Windows Explorer.

So, a couple of oddities come to mind.
1. Why is it that the default in an "allow" rule is to have the filter 
block the traffic you just allowed? Seems weird to me.
2. Why does FTP work from Windows Explorer but not from the command line?

Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Helpdesk: 800-500-AFSC


