I have install the firewall client to enable ftp access upload and download to/from external sites. What should the access policy look like to allow ftp? Also my pop3 wont work anymore with the firewall client running. I have created access rules to allow in and out pop3 but that dosent seem to help.
Thank you. I guess I am doing something wrong since the only way we can use ftp with the securenat client is to route the ftp traffic around the ISA server. I have tried creating access rules for ftp traffic however they do not seem to affect the ftp access.
I am sure that when I route ftp traffic around the isa server the inbound is routed around the isa server as well.
I have all the users default route to a 3com core builder and the default route for the corebuilder is the isa server which them routes out a 3com netbuilder on port 2. Port 1 on the 3com netbuilder is accessable as well and I can rout etraffic via the pc routing table to that port and thus get ftp traffic around the isa server.
< Message edited by plna -- 19.Apr.2006 5:59:56 PM >
From: fort frances.on.ca
Ahem... but... you missed my point entirely. I am not talking about deliberately routing around the ISA but rather the inverse, to get ISA S-NAT clients inbound traffic to NOT route around it. Take a network sniff to see what truly is happening.
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
I have done that in the past and traffic that routes out the isa server comes back through the isa server. It has to because of the packet information. when we were using isa 2000 we had no problem with ftp. Now that we are using isa 2004 we are. I am trying to figure that out.
it is with all sites. I have been able to get connected using ftp://username:email@example.com however i have to disable folder view in internet options under the advanced tab. This is ok for you and I but the end user may get confussed seeing this. But with this set up I can download files but I cannot upload files. So I am getting closer but not quite there yet.
there are two ISA related configuration settings that might enforce the FTP read only mode, that is not having the ability to upload files:
1. on the rule, check the FTP configuration setting 'read only' in the rule properties. By clearing this flag you will be able to upload files.
2. if the FTP client is acting as a Web Proxy client, that means that FTP through HTTP is used instead of plain FTP, then the Web Proxy component is handling the FTP request and by design, a CERN compatible Web Proxy does only support FTP download. So, to overcome that limitation you should make sure that the FTP client is *not* acting as a Web Proxy client.
Assuming that IE is configured as a Web Proxy client *and* that the Firewall client is installed too:
1. If the IE setting Enable folder view for FTP sites is not checked, then the FTP request is sent by IE as a Web Proxy client request, in other words as FTP over HTTP.
2. If the IE setting Enable folder view for FTP sites is checked, then the FTP request is sent by IE as a Firewall client request.
i have read his artilcle and will read it again shortly. When attempting to access ftp sites i am using internet explorer is this what you mean by web proxy? when i attemp via command line that dosent work either and i am also trying to use FTP Explorer but it dosent work.
I have been trying several things. I was under the impression that you needed the fwc to ftp so I was attempting that. When I have the fwc running I cant receive pop3. However I have since been made aware that the fwc client is not needed for ftp so the pop3 issue is gone. However i cannot get the ftp inbound and outbound working smoothly.