• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ftp denied by enterprise default rule

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Web Proxy] >> Web Proxy Client >> ftp denied by enterprise default rule Page: [1]
Login
Message << Older Topic   Newer Topic >>
ftp denied by enterprise default rule - 4.Feb.2009 4:28:53 AM   
stu1st

 

Posts: 59
Joined: 4.Nov.2007
Status: offline 		Hello all,

Simple question, why ISA2006 server is denying all web clients to access a certain ftp server through a third party software ( isa log shows that ftp denied by enterprise default rule on port 21 ), on the other hand, all firewall clients can just connect smoothly, web & firewall clients are in same group ( same access rules applies to them)....so why is the Enterprise Default rule denying ftp to web clients and not firewall clients ???
Post #: 1
RE: ftp denied by enterprise default rule - 4.Feb.2009 10:25:16 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline 		Hi,

web proxy clients can handle only FTP over HTTP (FTP read-only).

You probably using user-based access rules, thatīs the reason your clients could not connect using the FTP software, unless you have the FWC installed.

SecureNAT clients canīt authenticate to ISA.

Regards,
Paulo Oliveira.

(in reply to stu1st)
Post #: 2
RE: ftp denied by enterprise default rule - 4.Feb.2009 11:52:34 AM   
stu1st

 

Posts: 59
Joined: 4.Nov.2007
Status: offline
quote:



web proxy clients can handle only FTP over HTTP (FTP read-only).

You probably using user-based access rules, thatīs the reason your clients could not connect using the FTP software, unless you have the FWC installed.


And what shall i do to solve it ??

(in reply to paulo.oliveira)
Post #: 3
RE: ftp denied by enterprise default rule - 4.Feb.2009 1:15:05 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline 		Hi,

either you have to install the FWC on all workstations or remove the authentication from your rule.

Regards,
Paulo Oliveira.

(in reply to stu1st)
Post #: 4
RE: ftp denied by enterprise default rule - 5.Feb.2009 12:05:29 AM   
stu1st

 

Posts: 59
Joined: 4.Nov.2007
Status: offline 		or remove the authentication from your rule....

which rule do you mean?? i added the all users to my firewall rule instead of authenticated users and didn't work, and of course i cant edit anything in the enterprise default rule !

So what did u mean exactly ?

(in reply to paulo.oliveira)
Post #: 5
RE: ftp denied by enterprise default rule - 5.Feb.2009 1:11:32 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline 		Hi,

can you please post details of your access rule?

Regards,
Paulo Oliveira.

(in reply to stu1st)
Post #: 6
RE: ftp denied by enterprise default rule - 5.Feb.2009 2:47:41 PM   
stu1st

 

Posts: 59
Joined: 4.Nov.2007
Status: offline 		Allow aceess to webusers group from internal to external for all protocols all the time, so basically it is allowing everything but for a certain group which myself is a member of.

Any clue ?

(in reply to paulo.oliveira)
Post #: 7
RE: ftp denied by enterprise default rule - 6.Feb.2009 8:50:50 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline 		Hi,

is your client machine default gateway configured with ISA internal IP?

quote:

Allow aceess to webusers group...

If you do not have the FWC installed on your machine, you must allow All Users group on your rule.

Regards,
Paulo Oliveira.

(in reply to stu1st)
Post #: 8
RE: ftp denied by enterprise default rule - 6.Feb.2009 9:01:15 AM   
stu1st

 

Posts: 59
Joined: 4.Nov.2007
Status: offline 		Hi Paulo,

My clients are web clients and not NAT clients if that what you are asking for ( client machines gateways not configured as isa internal NIC)....

I tried to give access in my rule to all users instead of a certain group (web users) but this didn't work ( while monitoring traffic from my machine i still see that ftp on port 21 is denied from Enterprise default rule on isa ....

And that's the main point, its not the firewall rule denying but the enterprise default rule and that's what exactly is confusing me !!!!

(in reply to paulo.oliveira)
Post #: 9
RE: ftp denied by enterprise default rule - 6.Feb.2009 10:55:13 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline 		Hi,

the problem I see here is that youīre not understanding the different types of ISA clients. Please read this for a better understanding: Internal Client Concepts in ISA Server 2006

Regards,
Paulo Oliveira.

(in reply to stu1st)
Post #: 10
RE: ftp denied by enterprise default rule - 6.Feb.2009 11:09:08 AM   
stu1st

 

Posts: 59
Joined: 4.Nov.2007
Status: offline 		Paulo,

I understand very well the difference between the 3 types of isa clients !!!

I don't think you got the point though....thanks for your help anyway.

< Message edited by stu1st -- 6.Feb.2009 11:13:43 AM >

(in reply to paulo.oliveira)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Web Proxy] >> Web Proxy Client >> ftp denied by enterprise default rule Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts