RE: outgoing client ftp problem through isa 2000

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 22 Feb 2005 04:37:07 -0600

Hi Steve,

http://isaserver.org/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html

HTH, 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx] 
Sent: Tuesday, February 22, 2005 2:35 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: outgoing client ftp problem through isa 2000

http://www.ISAserver.org

I have a couple of things to note here:
 
1) If Firewall Client is installed, but disabled, I've noticed IE do strange
things. I use VPNs to different sites, and if I have a VPN active, I have
to disable FWC, otherwise traffic doesn't route properly. Disabling FWC
stopped me being able to browse the internet in IE. It seems that IE ignores
the proxy settings when it feels like it. Firefox, however, quite happily
lets me browse the internet while a VPN is active.
 
2) I had a problem with a third party application that wouldn't use FTP
properly. It was part of an auto update sequence for some marketing
software. I could FTP to their site from DOS, but their auto update wouldn't
work. I traced this to the user not being able to use port 20, which is used
for active FTP communication alongside port 21. I created a protocol for
port 20 and gave the users access to it, and hey presto, it worked.
 
 
 
Regards,
 
Steve
 
Steve Lunn - PC & Network Support
Microsoft MCP
DDI: 01423 855101
Fax: 01423 855181

 

   _____  

From: Dijk, Sebastian van [mailto:sebastian.van.dijk@xxxxxxxxxx] 
Sent: 22 February 2005 08:13
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: outgoing client ftp problem through isa 2000




Hey Guys, 

 

I am still having this weird problem :

 

When firewall client is enabled: FTP works from Internet Explorer

When firewall client is disabled: FTP does not work from Internet Explorer

 

Help ! :-)

 

 

   _____  

From: Dijk, Sebastian van 
Sent: Monday, 27 December 2004 10:30
To: [ISAserver.org Discussion List]
Subject: [isalist] outgoing client ftp problem through isa 2000

 


Server : 2003,  ISA 2000 including all service packs

Clients : Windows XP, no firewall enabled.

 

 

I am trying but failing in giving users rights for the FTP Protocol, to
access FTP Servers. 

 

What is the situation :

 

Client Machines with Internet Explorer proxy settings enabled, all at port
8080.

Clients have a default gateway pointing to the ISA server (ISA 2000)

On the ISA server, I made a new protocol definition: "ftp outbound" port
21, outbound. No secondary connections.

A new protocol rule is made, groups are allowed to use this FTP OUTBOUND
protocol definition.

Outgoing web requests:

"Same listener for all internal IP Addresses", TCP port 8080 and integrated
authentication is used.

"Ask unauthenticated users for authentication" is turned off, this is
because we have a small application running that can't be used with the
firewall client, so it needs just a SecureNAT configuration.

 

The FTP Access filter is enabled.

 

The problem : 

 

1. Users cannot access FTP sites. I've set the "passive ftp" option in
Internet Explorer but it just won't work.

I tried to set the proxy port in Internet Explorer to 21 instead of 8080.
No result.

2. Then I tried to install the firewall client, now clients CAN use FTP
connections.

But I want only the Internet Explorer proxy settings to be used.

Has anyone a clue why my FTP setup won't work without firewall client
enabled?

 

 

Thanks in advance, 

 

Sebastian van Dijk

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
sebastian.van.dijk@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 
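
The thread turns on FTP's second connection: the port 21 control channel negotiates a separate data connection (port 20 in active mode, a server-chosen port in passive mode), which is what a "secondary connections" setting has to cover. As an added example that is not part of the original messages, this Python sketch decodes the control-channel lines that set up that data connection, the way an FTP-aware filter would; the function names and sample addresses are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as used by PORT and the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed sample values (documentation address ranges), not from the thread.
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
SAMPLE_CONTROL_LINES = [
    "USER anonymous",
    "PORT 198,51,100,7,19,137",                       # active, names the client
    "227 Entering Passive Mode (192,0,2,10,195,80)",  # passive reply from server
    "PORT 203,0,113,5,0,22",                          # active, names a third host
]


def _endpoint(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); None if missing or out of range."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    f = [int(x) for x in m.groups()]
    if any(v > 255 for v in f):
        return None
    return ".".join(map(str, f[:4])), f[4] * 256 + f[5]


def data_connection(line, client_ip, server_ip):
    """Return the secondary (data) connection one control-channel line sets up."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        ep, mode = _endpoint(line[5:]), "active"
        # Server connects back to the client, conventionally from port 20.
        src, direction, peer = (server_ip, 20), "inbound to client", client_ip
    elif line.startswith("227"):
        ep, mode = _endpoint(line[3:]), "passive"
        # Client opens a second outbound connection to the port the server named.
        src, direction, peer = (client_ip, None), "outbound from client", server_ip
    else:
        return None
    if ep is None:
        return None
    # A filter should only open the data port when the named host is the real peer.
    return {"mode": mode, "direction": direction, "src": src, "dst": ep,
            "dst_is_peer": ep[0] == peer}


if __name__ == "__main__":
    for l in SAMPLE_CONTROL_LINES:
        print(f"{l!r:50} -> {data_connection(l, CLIENT, SERVER)}")
```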
