Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
ftp access inconsistent
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
ftp access inconsistent - 25.Oct.2004 9:51:00 AM
|
|
|
raouledmonds
Posts: 3
Joined: 25.Oct.2004
From: sydney, australia
Status: offline
|
I am trying to implement ISA 2004 for to take advantage of its reporting features for a client. All our server infrastructure (inc routers) are outsourced and not a realistic cost to get them to implement.
We have one locally managed file server which we want to implement ISA on with a single NIC. We are currently tested using VirtualPC.
We have configured ISA with the default gateway pointing to the outbound router. The clients are configure with the DG pointing to the ISA server.
We used the single NIC template and configured the firewall to allow all outbound access from all networks to all networks.
We are not inputing the proxy details as at this stage we want to keep it all as straight forward as possible and this is supposed to be temp solution to ID so excessive downloads.
HTTP and HTTPS are ok but when using FTP client including cuteftp, flashfxp, filezilla and the CLI, we are getting inconsistent results including very rarely connecting. Usually it times out. Sometimes when telneting to port 21 we get the welcome banner and then nothing else, sometimes we don't even get this. We have tried PASV and Port mode but nothing is consistent.
When checking the logs without modifying any settings on the server or the client we get two different entries for FTP attemps. Usually one says soemthing to the effect 'ftp connection failed' and has the 'allow rule' listed. Usually however we get connection denied and nothing listed in the rule comlumn.
We are finding this very frustrating and there are two of us who are familier with ISA 2000 but never used 2004 who can't get our heads around what is happening.
Any help or advice would be greatly appreciated. All we really want is a comprehensive monitoring tool to id who, what, when, where and how our bandwith usage is 5 times what it should be. We choose ISA because we have a licence and thought it would be fairly straight forward.
If you want to recommend a completely different solution we are open to advice.
Thanks
Thanks
|
|
|
|
RE: ftp access inconsistent - 25.Oct.2004 1:00:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
NO.
1. The ISA firewall is a network firewall. Not a network 'reporter'
2. Install a second NIC in the ISA firewall and configure it appropriately.
3. Consider replacing the current firewall with an ISA firewall -- then you'll get the full reporting, access control, and security that only the ISA firewall can provide. It doesn't make sense to pay for a inferior solution just because its outsourced.
HTH,
Tom
|
|
|
|
|
RE: ftp access inconsistent - 26.Oct.2004 12:20:00 AM
|
|
|
raouledmonds
Posts: 3
Joined: 25.Oct.2004
From: sydney, australia
Status: offline
|
That would be my prefered solution but due to the outsourced infrastructure it is not really an option.
Our management is looking for a no cost solution (as usual) and the hosted provided want to charge what we all feel is excessive.
Are you saying that ISA can't work like this or just that it is more trouble then it's worth?
Thanks
|
|
|
|
|
RE: ftp access inconsistent - 26.Oct.2004 1:32:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Raoul,
It sounds like you might benefit more from an IDS/IPS device, instead of an ISA firewall. ISA ain't cheap, so you might be able to benefit from a free IDS/IPS solution.
HTH,
Tom
|
|
|
|
|
RE: ftp access inconsistent - 26.Oct.2004 11:25:00 PM
|
|
|
raouledmonds
Posts: 3
Joined: 25.Oct.2004
From: sydney, australia
Status: offline
|
We already have a licence for ISA. So we thought it would be the cheapest option for us.
Is it possible to configure ISA to do what we want in this single nic setup? Why is ftp giving us so many problems?
Thanks
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
