The filter is also in ISA2006.... Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com<http://www.scarletknights.com> [cid:image001.png@01CAF346.B898C380] [cid:image002.jpg@01CAF346.B898C380] From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Friday, May 14, 2010 8:33 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] FTP Oddity over TMG OK, here's an odd one for you. I've almost completed my transition from ISA 2006 to TMG. Yesterday I reconfigured DHCP so that all my clients started using TMG as their default gateway. We then discovered a problem. One of the users needed to FTP a file to someplace offsite. Something he does regularly to this site. (I hadn't discovered this problem because those of us testing the firewall don't use FTP much.) His FTP failed when using Windows Explorer to do the FTPing. I tried replicating the problem from the command line, while monitoring the activity from TMG. My FTP also failed. The command line returned this error: 502 Active FTP not allowed. 550 Access is denied. However, TMG returned no errors at all. After a while, I hit upon the FTP filter. It has a checkbox that is checked by default that is labeled "Read Only" and says "When Read Only is selected, FTP uploads will be blocked." I unchecked that box and tried again. The upload from the command line failed again, with a slightly different error: 502 Active FTP not allowed. 550 No port specified. Again, no errors reported by TMG. However, the FTP now works from Windows Explorer. So, a couple of oddities come to mind. 1. Why is it that the default in an "allow" rule is to have the filter block the traffic you just allowed? Seems weird to me. 2. Why does FTP work from Windows Explorer but not from the command line? Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore Network Manager 215-241-7870 Helpdesk: 800-500-AFSC *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com ***