cancel
Showing results for 
Search instead for 
Did you mean: 
sec-wartung
Level 7

Problems with FTP over Filezilla

Hi,

we are using webgateway 7.0 and have problems with ftp with filezilla. With our old webgateway 6.8 solution ftp is functional with the following parameters in filezilla:

Host: <webgateway 6.8>

User:  <wg-user>@<ftp-server-user>@<ftp-Server>

Password: <wg-password>@<ftp-server-password>

With these parameters a connection can be established with webgateway 6.8.

If I use the same parameters with webgateway 7.0 I get the following error:

Status:    Verbinde mit webgateway1:21...
Status:    Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort:    220 McAfee Web Gateway 7.0.1 build 8505
Befehl:    USER esctest01@esc@ftp-server
Antwort:    331 User name okay, need password.
Befehl:    PASS ******************
Antwort:    530-The URL ftp://esctest01@esc@ftp-server/ needs authentication.
Antwort:    530-URL: ftp://esctest01@esc@ftp-server/
Antwort:    530-User name:
Antwort:    530 
Fehler:    Kritischer Fehler
Fehler:    Herstellen der Verbindung zum Server fehlgeschlagen

With webgateway 6.8 I get the following status infos:

Status:    Verbinde mit webwasher1:21...
Status:    Verbindung hergestellt, warte auf Willkommensnachricht...

Antwort:    220 McAfee Web Gateway FTP Proxy 6.8.6 build 6257
Befehl:    USER esctest01@esc@ftp-server
Antwort:    331 User name okay, need password.
Befehl:    PASS ******************
Antwort:    230 User esc logged in.
Status:    Verbunden
Status:    Empfange Verzeichnisinhalt...
Befehl:    PWD
Antwort:    257 "/" is current directory.
Befehl:    TYPE I
Antwort:    200 Type set to I
Befehl:    PASV
Antwort:    227 Entering Passive Mode
Befehl:    LIST
Antwort:    150 File status okay; about to open data connection.
Antwort:    226 Transfer complete.
Status:    Anzeigen des Verzeichnisinhalts abgeschlossen

Can you tell me what's the problem?

If I configure webgateway 7.0 as ftp-proxy in filezilla a connection can be established.

Thanks.

Regards,

Janine

0 Kudos
9 Replies
eelsasser
Level 15

Re: Problems with FTP over Filezilla

See what happens when you use the FTP Proxy option in FileZilla.

I use that all the time and it works with 7 very nicely.

Image1.jpg

Afterwards, you don't need to embed the user and password into each site's settings, just setup the site's profile as if it were direct.

0 Kudos
DBO
Level 9

Re: Problems with FTP over Filezilla

Last time I checked Filezilla, the proxy logon and password was in clear in the config file and there were no option to ask for the proxy password at each connection as in WS-FTP.  Did that change?

Ce message a été modifié par: DBO on 30/12/10 09:11:38 CST
0 Kudos
eelsasser
Level 15

Re: Problems with FTP over Filezilla

No, that is still the same. But also consider that FTP password are always in the clear on the wire anyway.

So, even if you enter the password for each session, you aren't protected very much. It can always be intercepted and sniffed.

0 Kudos
DBO
Level 9

Re: Problems with FTP over Filezilla

I don't really care about the FTP password BUT, The proxy Logon and Password is the Domain User logon and password and this, cannot stay in clear on the workstation.

0 Kudos
asabban
Level 17

Re: Problems with FTP over Filezilla

Hello,

plain FTP does not provide encryption of the data exchanged between FTP Client and FTP Server. Since MWG is acting as an FTP Server for the Client here, all data is unencrypted. To have this encrypted it would be required to use FTP over TLS or similar, which is not yet possible.

I see two options for preventing that Domain passwords become visible:

- Create seperate Users for FTP access, either in the external directory or local User DB and hand this over to the users that need to do FTP. This may work in a smaller environment.

- Use the authentication server, as it would work with the IM proxy, e.g. if you try to access via FTP you will see an error page unless you browse to some URL and authenticate against the authentication server with your credentials. This can be SSL encrypted. After you successfully authenticated, you will have X minutes to complete your FTP tasks, before you have to authenticate again.

It works similar for IM, I think it should be possible to tweak the rule sets. Not very comfortable, but more secure.

We will only need this for native FTP Clients, FTP-over-HTTP (downloads from FTP servers) are not affected here.

Please note the above samples are just "ideas". They may or may not work. Please let me know if you need some more details.

Best,

Andre

0 Kudos
sec-wartung
Level 7

Re: Problems with FTP over Filezilla

Hi,

yes I know. If I configure the ftp-proxy like you did, it works.

But my question is: Why doesn't work the ftp-connection with the embed parameters in webgateway 7.0? Our customer uses this method.

With webgateway 6.8 the ftp-connection with embed parameters works fine.

Regards,

Janine

0 Kudos
eelsasser
Level 15

Re: Problems with FTP over Filezilla

Yes, the behaviour is different.

As I recall, I think it was changed because a lot of people had @ signs in both the username and/or passwords. So there was no way to tell when to split them:

Local User: myusername@mydomain.local

FTP User: myemail@mydomain.com

Local password: myP@sswordh@sthe@sign

FTP password: myemail@mydomain.com

Which would then become:

user: myusername@mydomain.local@myemail@mydomain.com@FTP.site.com

password: myP@sswordh@sthe@sign@myemail@mydomain.com

How do you figure that one out?

If you are doing command line, you can still:

c:\My Documents\Desktop>ftp 192.168.2.230
Connected to 192.168.2.230.
220 McAfee Web Gateway 7.0.2 build 9319
User (192.168.2.230Smiley Sadnone)): LOCALUSER
331 User name okay, need password.
Password: LOCALPASSWORD
230 User logged in, proceed.

ftp> user FTPUSER@192.168.2.10
331 User name okay, need password.
Password: FTPPASSWORD
230 User logged in.

And this method has also always worked in version 6.8 too.

0 Kudos
itagsupport
Level 9

Re: Problems with FTP over Filezilla

Hi

This on doesn't work out for my customer. They have "@" in the username and there is no way in MWG7 to make it work, except when I put the username in quotes. Up to now, they used the "quote site ftp-server-address"  command in 6.8, which works fine.

On MWG7, it doesn't work anymore. A packet trace of the traffic from MWG to FTP Server shows that MWG just cuts off everything after and includind the "@" in the username.

Thus:  the username sent to the server is just "username" instead of username@domain.com.

Any idea?

Regards

Roman

0 Kudos
gahillbilly
Level 7

Re: Problems with FTP over Filezilla

There is some sort of problem with recent version of FileZilla. I've had repeated failures with Filezilla on both XP and Win7 systems. All the failures began on working FileZilla installs AFTER an upgrade.

I've had partial success with endless setting tweaks, but ONLY partial. The FileZilla developers seems to be in denial about this, and simply refer people to the Wiki in very dismissive way. It appears that they don't know what they broke.

However, at least on my systems, reverting to version FileZilla 3.3.4.1 http://www.oldapps.com/filezilla.php?old_filezilla provided a complete fix. You'll have to uninstall and try for yourself to see if it works for you. But, it takes about 5 minutes to find out.

GaHillBilly

0 Kudos