Hi Tom, the workaround suggested by the KB article is to use the PASV mode. This is ok, and i agree on the fact that when passing on a firewall is best to use the FTP PASSIVE mode.
But i have some users that has written some script that use the standard "ftp.exe", that don't support the PASV mode, and the users told me the usual "but yesterday worked (isa standard) and today not (isa ee)"....
So, i prefer to have this problem fixed on the isa server. I'm in contact with the microsoft PE (proactive essential), hope they help me soon.
Hi Stefaan, based on my test the problem is not 100% fixed on isa 2004 ee. I tried connecting to ftp.microsoft.com using the standard ftp.exe (fom xp professional machine + firewall client installed from isa 2004 ee) and when you do a "dir" you have no response. If you do the same thing directly from the isa2004 ee machine, it works!
I noticed that the dll version of the firewall client is different between isa 2004 pro and ee.
Firewall client installed from isa 2004 EE:
FwcRes.dll 4.0.3439.50 FwcWsp.dll 4.0.3439.50
Firewall client installed from isa 2004 std SP1:
FwcRes.dll 4.0.3440.81 FwcWsp.dll 4.0.3440.81
Maybe this has something to do with the anomaly??
ps: still waiting response from microsoft tech supp.
The problem was that between the isa ee internat interface (phisical+nlb) was activated an access list on a hardware firewall. I guess what are you tkinking now: "why another firewall, is isa not enough?".
Unfortunately no, for a lot of "networking-cisco-people" not. They prefer to use ONLY hardware firewall and they consider isa stuff insecure etc etc.
A lot of people are really closed-mind, they don't understand the benefit that can isa 2004 provide in term of authentication and manageability....