I have created an ACCESS RULE to allow SFTP traffic but for the life of me it is not working as I would expect it to. Since TMG does not come with a standard SFTP protocol I created a user defined protocol, that allows TCP port 22 and Outbound as the direction. I also created a Computer Object which is the backend webserver, that it is allowed to communicate to.
The Access rule is from everywhere, to the web server. If I test the rule by using FileZilla, with the above configuration I don't see any kind of hit on the rule. If I change the Access Rule to "All networks" as the "To" then I see hits on the rule but I get:
0x80074e21 FWX_E_ABORTIVE_SHUTDOWN and the Status states, "A connection was abortively closed after one of the peers sent an RST packet".
Am I missing something in this access rule?
< Message edited by eastmarw -- 30.Jan.2012 8:36:46 PM >
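As an added example (not part of this thread and not from any poster), here is a small Python check that separates the two symptoms described above: a connection attempt that gets no answer at all, and one the far end actively resets. The host, port and the mapping of each outcome to TMG behaviour are assumptions for illustration; the listener helper exists only so the check can be exercised locally.

```python
import errno
import socket


def probe_tcp(host, port, timeout=3.0):
    """Attempt a plain TCP connect to host:port and classify the result.

    Returns one of:
      "open"    - three-way handshake completed, something is listening
      "refused" - the peer answered the SYN with an RST (the situation the
                  FWX_E_ABORTIVE_SHUTDOWN status describes: the firewall let
                  the connection through but the destination rejected it)
      "timeout" - no answer at all within `timeout` seconds (typical when a
                  rule does not match and the packet is silently dropped)
      "error"   - any other socket-level failure
    The mapping to TMG behaviour above is an assumption, not documented TMG output.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        # Some platforms surface ECONNREFUSED as a generic OSError
        if exc.errno == errno.ECONNREFUSED:
            return "refused"
        return "error"
    finally:
        sock.close()


def start_local_listener(host="127.0.0.1"):
    """Bind a listening socket on an ephemeral loopback port (constructed
    test fixture, standing in for the backend web server's SSH daemon).
    Returns the socket; the caller reads the port from getsockname()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def unused_local_port(host="127.0.0.1"):
    """Reserve and release an ephemeral port so that a connect to it is
    answered with an RST rather than silently dropped (constructed fixture)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    # Example against a hypothetical backend; replace with the real web server
    # address once the access rule is in place.
    print(probe_tcp("192.0.2.10", 22))  # 192.0.2.10 is a documentation address
```

Run from the TMG box (or from a host on the same internal network) against the backend web server on port 22: a "refused" result means the SYN reached the server and it sent an RST, so the thing to inspect is whether an SSH/SFTP daemon is actually listening there; a "timeout" means nothing answered and the access rule or an intermediate filter is the first place to look.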
Not true. SFTP (SSH FTP, port 22) is not equal to FTPS (FTP Secure, port 443). SFTP is "proxy friendly" since it is only using one port, not two like the regular FTP protocol. SFTP is "just" an SSH session for file transfer operating on port 22.
I am well aware of the differences between SFTP and FTPS, probably I didn't word it right. Without getting into details, basically ISA/TMG has no clue what's happening in the secure channel in SFTP and FTPS. So I meant to say there are quite a few things one has to do manually to allow these protocols. Having said that, I would strongly recommend you read the RFC docs related to the aforementioned protocols.
< Message edited by railfan -- 1.Feb.2012 8:53:30 AM >