Welcome to ISAserver.org

SSL FTP on NON 443 Port

SSL FTP on NON 443 Port - 19.Jan.2004 9:17:00 PM   
mwhitcomb@usa.net

 

Posts: 31
Joined: 23.Jun.2001
From: Green Bay, WI, USA
Status: offline
Hi ~!

I have an application that needs to use SSL on port 990 and then create a secondary connection on a range (only 10 so kind of small) of addresses in the 2010-2020 range. It is a financial application. I tried this:

' Add TCP 990 to the Web Proxy service's SSL tunnel port ranges
Set isa = CreateObject("FPC.Root")
Set tprange = isa.Arrays.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
Set tmp = tprange.AddRange("SSL 990", 990, 990)
tprange.Save

Do I need to do it for the other ranges? Is this even possible? Or is it possible but stupid? [Roll] Your help is appreciated.
Post #: 1
RE: SSL FTP on NON 443 Port - 19.Jan.2004 9:31:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi mwhitcomb,

check out my article http://www.isaserver.org/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html , in particular section '5. What about Secure FTP'.

HTH,
Stefaan

(in reply to mwhitcomb@usa.net)
Post #: 2
RE: SSL FTP on NON 443 Port - 20.Jan.2004 6:56:00 PM   
mwhitcomb@usa.net

 

Posts: 31
Joined: 23.Jun.2001
From: Green Bay, WI, USA
Status: offline
Dear Stephan,

A million thank-yous, your link answered all my questions! I wannabe like you! So now I have one more question. At this location we have two Internet connections, 1 that ISA defends and another that has all ports blocked except a WAN connection to two remote offices (FreeBSD/IPFilter/Racoon). What I would like to do is somehow, when a request for SecureFTP comes to ISA, can I cause it to redirect the request to this other connection? I could then open just those ports on that connection. BECAUSE, the answer to my question was "Won't work with what we are doing!"

Thanks Again
Michael [Wink]

(in reply to mwhitcomb@usa.net)
Post #: 3
RE: SSL FTP on NON 443 Port - 20.Jan.2004 9:03:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Michael,

why do you think it won't work?

As long as you can use the Firewall client it should work because implicit security is used! Just create a new protocol definition with TCP port 990 outbound as primary connection and the TCP port range 2010-2020 outbound (passive mode FTP) and/or inbound (active mode FTP) as secondary connection.

HTH,
Stefaan

(in reply to mwhitcomb@usa.net)
Post #: 4
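
Added example (not part of the original posts, and not ISA Server code): with implicit SSL on port 990 the control channel is encrypted, so the firewall cannot read the negotiated data port and the secondary range has to be fixed in advance. This Python sketch reads an FTP client's own session log and checks that every negotiated data port falls inside the 2010-2020 secondary range from the thread; the log lines, addresses and function names are constructed for illustration.

```python
import re

# Values from the thread: implicit-SSL control port and secondary connection range.
PRIMARY_PORT = 990
SECONDARY_RANGE = range(2010, 2021)  # 2010-2020 inclusive

# h1,h2,h3,h4,p1,p2 tuple used by both the 227 (PASV) reply and the PORT command.
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Return (ip, port) from a '227 ...' reply or a 'PORT ...' command, else None."""
    if not (line.startswith("227 ") or line.upper().startswith("PORT ")):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet or port byte
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_session(lines):
    """List (mode, port, covered) for each data-channel negotiation in the log."""
    findings = []
    for raw in lines:
        line = raw.strip()
        ep = data_endpoint(line)
        if ep is None:
            continue
        # 227 reply: client connects out (passive). PORT: server connects in (active).
        mode = "passive/outbound" if line.startswith("227 ") else "active/inbound"
        findings.append((mode, ep[1], ep[1] in SECONDARY_RANGE))
    return findings

# Constructed sample: plaintext view of the control channel from the client's log.
SAMPLE_LOG = [
    "220 Service ready",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,7,218)",  # 7*256+218 = 2010
    "227 Entering Passive Mode (192,0,2,10,7,228)",  # 2020
    "227 Entering Passive Mode (192,0,2,10,7,229)",  # 2021, outside the range
    "PORT 198,51,100,7,7,223",                       # 2015
]

if __name__ == "__main__":
    for mode, port, ok in check_session(SAMPLE_LOG):
        print(f"{mode:17} port {port}: {'covered' if ok else 'NOT covered'}")
```

A port reported as not covered means the FTP server's passive range (or the client's active range) is wider than the secondary connection range in the protocol definition, and those transfers will fail at the firewall.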
RE: SSL FTP on NON 443 Port - 21.Jan.2004 12:03:00 AM   
mwhitcomb@usa.net

 

Posts: 31
Joined: 23.Jun.2001
From: Green Bay, WI, USA
Status: offline
Stephan,

Thank you again, I reviewed your article again and I see what you are saying: it won't work for Explicit connection breaking SecureNAT, so I guess that's what we'll do.

THANK YOU!

(in reply to mwhitcomb@usa.net)
Post #: 5
RE: SSL FTP on NON 443 Port - 21.Jan.2004 9:09:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Michael,

glad to hear I could help! [Smile]

Thanks,
Stefaan

(in reply to mwhitcomb@usa.net)
Post #: 6
