cancel
Showing results for 
Search instead for 
Did you mean: 

MWG7 FTP proxy service - making it transparent for clients

Jump to solution

Is it technically possible to have a network setup that redirects outgoing FTP client traffic through the MWG7 FTP proxy service (default port 2121) so that FTP traffic automatically passes through MWG7 without having to explicitely configure the FTP clients to use the MWG7 proxy service?  By FTP client I mean an actual FTP client (ex: ftp.exe) and not a web browser that's connecting to a FTP site.

1 Solution

Accepted Solutions

Re: MWG7 FTP proxy service - making it transparent for clients

Jump to solution

The only possible way is with transparent router or transparent bridge. Neither of which i'm very fond of for a whole variety of reasons.

4 Replies
btlyric
Level 12
Report Inappropriate Content
Message 2 of 5

Re: MWG7 FTP proxy service - making it transparent for clients

Jump to solution

This is probably not particularly helpful, but AFAIK, WCCP doesn't work for FTP with MWG so that's not an option.

Interested in hearing about how others are dealing with this particular situation.

Re: MWG7 FTP proxy service - making it transparent for clients

Jump to solution

Actually that is a bit helpful since I've been trying to do this via various types of redirects through a firewall and so far have been getting stuck.  In one scenario the FTP client sends a SYN packet to the external FTP server (ex: 192.0.1.2:21) the firewall intercepts this and forwards it to the MWG7 FTP proxy service (10.1.2.3:2121), the proxy service sends a SYN ACK back to the FTP client but through a different IP address and port number than what the FTP client sent the SYN packet to, and so naturally the client system sends a RST packet back since the SYN ACK response is not an established connection (its sending a SYN to 192.0.1.2:21 but is getting a SYN ACK from 10.1.2.3:2121 instead of 192.0.1.2:21) and things simply don't progress further from here.

In another scenario a FTP connection manages to get established but gets stuck after the FTP PORT command is sent.

Before spending more time on this -- and possibly finding out that its not possible to achieve, especially given the way that FTP works through 2 ports for file transfers -- I figured I'd ask the forum to see if anybody's pulled this off.

Re: MWG7 FTP proxy service - making it transparent for clients

Jump to solution

The only possible way is with transparent router or transparent bridge. Neither of which i'm very fond of for a whole variety of reasons.

McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: MWG7 FTP proxy service - making it transparent for clients

Jump to solution

7.5.1 supports FTP redirect using WCCP.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community