I have created an ACCESS RULE to allow SFTP traffic but for the life of me it is not working as I would expect it to. Since TMG does not come with a standard SFTP portocol I created a user defined protocol, that allows TCP port 22 and Outbound as the direction. I also created a Computer Object which is the backend webserver, that it is allowed to communicate to.
The Access rule is from everywhere, to the web server. If I test the rule by using Filzilla, with the above configuration I don't see anykind of hit on the rule. If I change the Access Rule to to "All networks" as the "TO then I see hits on the rule but I get:
0x80074e21 FWX_E_ABORTIVE_SHUTDOWN and the Status states, "A connection was abortively closed after one of the peer ssent an RST packet".
Am I missing something in this access rule?
< Message edited by eastmarw -- 30.Jan.2012 8:36:46 PM >
As far as the TMG is concerned, SFTP or FTPS is the same as they are encrypted communication. Try this link. Someone in this forum claims he has success with the sFTP traffic.
As far as the TMG is concerned, SFTP or FTPS is the same as they are encrypted communication. Try this link. Someone in this forum claims he has success with the sFTP traffic.
Not true. SFTP (SSH FTP, port 22) is not equal to FTPS (FTP Secure, port 443). SFTP is "proxy friendly" since it is only using one port, not two like the regular FTP protocol. SFTP is "just" an SSH session for file transfer operating on port 22.
I am well aware of the differences between SFTP and FTPS, probably I didn't word it right. Without getting into details, basically ISA/TMG has no clue what's happening in the secure channel in SFTP and FTPS. So I meant to say there are quit a few things one has to do manually to allow these protocols. Having said that, I would strongly recommend you read the RFC docs related to the aforementioned protocols.
< Message edited by railfan -- 1.Feb.2012 8:53:30 AM >
Just as an additional note that may or may not help you, In my experience with TMG to get any type of FTP or FTP like service to work the client needs to have the TMG client installed and active.
There is already a system Protocol for SSH in TMG on Port 22. You may try using that one instead of the user Defined.
You will have to look under All Protocols to find it, but it is there.
I have a rule setup to allow SSH from Internal to a Specific External Client and it is working without issue. I however do not have any incoming publishing rules using SSH.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> Allowing SFTP thru TMG 
Allowing SFTP thru TMG - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread