• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Proxying FTP (Newbie Question)

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> Proxying FTP (Newbie Question) Page: [1]
Login
Message << Older Topic   Newer Topic >>
Proxying FTP (Newbie Question) - 6.Jul.2012 10:24:56 AM   
mpascucci

 

Posts: 7
Joined: 14.Nov.2011
Status: offline
We're currently proxying web traffic HTTP and HTTPS through our TMG 2010 setup. I was wondering how you go about proxying FTP or any other protocol for that matter through the TMG? I'm somewhat new to TMG and I was trying to get a better understanding of how this works and how to set it up with other protocols.

I see where it states the port enabled for HTTP traffic, but I can't seem to find where the HTTPS traffic port (if it needs it) or places to start proxying other protocols.

Thanks again.
Post #: 1
RE: Proxying FTP (Newbie Question) - 9.Jul.2012 7:21:56 AM   
dvizzle

 

Posts: 236
Joined: 20.Apr.2009
Status: offline
If you add the FTP protocol to your access rules you will start proxying it.

Remember, your default rule is to block all, so if you do not specify a rule allowing it under some circumstance, it will fail.

(in reply to mpascucci)
Post #: 2
RE: Proxying FTP (Newbie Question) - 9.Jul.2012 8:54:04 AM   
mpascucci

 

Posts: 7
Joined: 14.Nov.2011
Status: offline
@dvizzle - Thanks, I eventually figured this out after looking at it for a while. Last question - Does FTP or any protocol for that matter use the same communication port as HTTP to communicate to the proxy or do you need to have this configured somewhere else?

(in reply to mpascucci)
Post #: 3
RE: Proxying FTP (Newbie Question) - 9.Jul.2012 9:47:09 AM   
dvizzle

 

Posts: 236
Joined: 20.Apr.2009
Status: offline
The default protocol port is 21. If you use a different port, you can create a custom protocol and define the port, then use that custom protocol in your rules.

(in reply to mpascucci)
Post #: 4
RE: Proxying FTP (Newbie Question) - 18.Jul.2012 3:21:35 AM   
mahaddon

 

Posts: 19
Joined: 3.Apr.2009
Status: offline
it's also worth checking the FTP protocol properties to configure it as appropriate to your requirement. I think that by default it is read only which means download but not upload.

Also if the destination FTP sites require a login and password then you might find that you need to install MS Firewall Client for TMG on the client pcs to send the FTP site credentials through your TMG access rule. You shouldn't need this for sites that allow annonymous connections though but you may still need it for sites that allow annonymous connections but that expect you to type in your email address as a password.

(in reply to mpascucci)
Post #: 5
RE: Proxying FTP (Newbie Question) - 18.Jul.2012 7:06:47 AM   
dvizzle

 

Posts: 236
Joined: 20.Apr.2009
Status: offline
You can FTP without the desktop client. You will just have to edit the FTP URL as

ftp://username:password@ftpsite.com

Because TMG will pass the AD credentials by default instead of prompting for auth. This URL method lets you use a different user account..

(in reply to mahaddon)
Post #: 6
RE: Proxying FTP (Newbie Question) - 18.Jul.2012 7:16:19 AM   
mahaddon

 

Posts: 19
Joined: 3.Apr.2009
Status: offline
thanks for the info. I didn't know that.

(in reply to dvizzle)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> Proxying FTP (Newbie Question) Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts