1 2 Previous Next 12 Replies Latest reply on Jan 19, 2012 12:51 AM by gardenhead_rules

    FTP Tutorial

    cestrada

      Anybody have a clear concise clarification on how FTP works using WebGateway?   Via the browser its a hit or miss.  One day FTP works fine other days, the appliance doesn’t allow my users to get into any FTP sites.  This is with any browser flavor e.g. IE\ Firefox\ Chrome, etc.  I find myself installing 3rd party FTP apps since they are easier to configure instead of the browser.

       

      I'm using 2121 as the FTP port.

        • 1. Re: FTP Tutorial
          asabban

          Hi Carlos,

           

          Browsers need to point to the HTTP Proxy Port for all protocols, even for FTP. The FTP Proxy on port 2121 is only working for native FTP Clients, e.g. FileZilla or similar.

           

          A browser will use FTP-over-HTTP, which works through the Proxy Port. This should work as expected.

           

          Best,

          Andre

          • 2. Re: FTP Tutorial
            cestrada

            Hello Andre,

             

            Yes I understand how to configure the browsers to utilize the port 2121 that’s not my issue.  My problem is any browser which uses the appliance it’s a hit or miss- very inconsistent.  I’ve checked logs and ran various tcpdumps but can’t see why this feature of the appliance is  very tedious.  

             

            Was wondering if anyone else has experienced similar problem with browsers using FTP and what the resolution was to fix.

            • 3. Re: FTP Tutorial
              dstraube

              Hello cestrada,

              Yes I understand how to configure the browsers to utilize the port 2121 that’s not my issue. 

               

              are you sure this is not your issue? As Andre has pointed out, your browser should be configured to port 9090, even for the FTP port. Port 2121 is only for dedicated FTP clients!

               

              Regards,

               

              Dirk

              • 4. Re: FTP Tutorial
                cestrada

                ftp.GIF

                Can you clarify, I dont use 9090 for my proxy HA so why should I use 9090 for browsers??  Are you saying I shouldnt have the 2121 on Proxy HA and change it to 9090 ??

                • 5. Re: FTP Tutorial
                  Jon Scholten

                  9090 is the default HTTP proxy port, it was just an example. They are not saying you shouldnt have 2121 on the port redirects. You are using port 80 or port 8080 for your HTTP proxy so you would have your browser configured as below (except with 80 or 8080 as the port):

                  ie-proxy.png

                   

                  With filezilla or other FTP clients would be configured using the FTP proxy port:

                  filezilla-proxy.png

                  Hope this helps you understand better what the purpose is between the different proxies.

                   

                  ~Jon

                  • 6. Re: FTP Tutorial
                    cestrada

                    Anyone know to use FTP via command prompt using the proxy.

                    • 7. Re: FTP Tutorial
                      Jon Scholten

                      Hi Carlos,

                       

                      IF LOCAL AUTH is not applying to FTP:

                       

                      ftp

                      open [IP-of-MWG] 2121

                      username@ftpserver.tld

                      password

                       

                      --------

                      IF USING AUTHENTICATION for FTP

                       

                      ftp

                      open [IP-of-MWG] 2121

                      local-user

                      local-password

                      username@ftpserver.tld

                      password

                       

                      In addition to the above, if you are URL filtering (and blocking everything) the inital commands will not have a URL associated with it, so you will need to allow the blank URL "ftp:" in order to allow the local authentication to take place (because there is no URL at that point). See screenshot below for an example.

                       

                      ftp-blank2.png

                       

                      There may be a more elegant way to do this, but it works.

                       

                      Hope this helps.

                      ~Jon

                      • 8. Re: FTP Tutorial
                        Jon Scholten

                        Hey Carlos,

                         

                        Did my response above help?

                         

                        ~Jon

                        • 9. Re: FTP Tutorial

                          Hi Jon,

                           

                          Is there any way to restrict FTP access on the basis of username? I am able to do this on the basis of IP. I am using Filezilla as FTP client. Below are theproxy settings.

                           

                          FTP.JPG

                          However as per the attached ruleset, if the FTP client's IP is not in the FTP Allowed IP list, I am getting the following message on Filezilla:

                          FTP_2.JPG

                          It seems that Filezilla is able to authenticate FTP proxy credentials, but not able to use the parameter Authenticate.Username. Is there any parameter available to allow only selected FTP Proxy credentials, access to FTP links?

                           

                           

                           

                           

                          1 2 Previous Next