[isalist] Re: [ISAserver.org Discussion List] FTP Servers

  • From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 22 Mar 2006 14:04:03 -0500

None of the workstations use the web proxy, or firewall client software of ISA 
2004. They use Secure NAT, they are going out through ISA like if you had a 
dummy Linksys cable DSL router.
ISA is on
GW: for all clients on the DHCP server is, again there is no web 
proxy setup and no firewall client ware installed. 
Secondly what I meant in my other comment which you are so egger to twist 
around is that I have not tampered with the default firewall settings of ISA, 
yes I have added my own rules to the system, but if you look at the default 
core settings for ICMP, etc they have all been left alone.
Now are you going to keep acting this way if I say, you know Jim I installed a 
new ISA server that only had two rules in it, one for the FTP server to the 
outside using the default FTP Server protocol, and the other which is the 
default DENY rule that ISA creates? Are you going to blame on the web proxy or 
firewall client if neither are installed or being used?
Lets be realistic here, if you don't know the answer why ISA out of the box 
with two rules in it won't connect to FTP servers that don't use passive mode 
why make a fuss of it? Why not ask Bill to loan you one his boxes, install ISA 
2004, email me for a couple test accounts and go to town, then say geez you 
know there is a bug or maybe Microsoft doesn't care?  You have the time and 
certainly the money to investigate it further, than I do yet you keep hounding 
people to show you more evidence before you will get off your dairy air and do 
something.. ;)


From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison
Sent: Wed 22/03/2006 12:33 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers

No - you said:
"I seem to only be able to get access to FTP servers using PASV modem on my 
workstations that are setup under secure NAT".
This leaves the failing case hanging somewhere between web proxy and firewall 
You also stated:
"..I have had to reinstall ISA 2004.." and "Nothing on the ISA configuration 
level has been modified or changed", which are just a bit contradictory.

You haven't given anyone anything to work from, like:
- client errors
- ISA logs
- captures

If the problem is important enough to involve an entire list, its important 
enough to provide something more than conjecture and contradiction.

There are a great many FTP servers that disallow active mode; and with good 

   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   Read the help / books / articles!

Other related posts: