2 Replies Latest reply on May 29, 2012 11:54 AM by lubomir.cerny

    How to test active FTP connection via CLI console ?


      Hi folks,

      we have troubles setup active ftp connection via MWB7 ( or 7.2.0) behind Checkpoint firewall with statefull detection. Incomming connection is allowed only if outgoing connection is setup first. LIST command is OK using MWG FTP proxy module on port 2121. FTP connection ends with


      At FW logs, there is even NO comming conection from ftp server back to MWG as client ...

      On end user PC, FTP client shows:


      Status:    Connection exstablished, waiting for welcome page

      Response:    220 McAfee Web Gateway 7.1.0 build 12651

      Command:    USER domain\username

      Response    331 User name okay, need password.

      Command:    PASS ******

      Response:    230 User logged in, proceed.

      Command:    USER ixxx@ftp.xxx.cxx

      Response    331 User name okay, need password.

      Command:    PASS ******

      Response:    230 User ixxx logged in.

      Command:    SYST

      Response:    215 Windows_NT

      Command:    FEAT

      Response:    211-Features:

      Response:      SIZE

      Response:      MDTM

      Response:    211 End

      Status:    Connected

      Status:    Recieving folder list...


      Response:    257 "/isdl"

      Command:    TYPE I

      Response:    200 Type set to I.

      Command:    PORT 172,17,100,111,16,21

      Response:    200 Command okay.

      Command:    LIST

      Response:    150 File status okay; about to open data connection.


      The strange is, that if I bypass proxy and try dirrect active connection via the same client, connection is OK. Also old Squid proxy is abble to established active FTP connection to the same server.


      Is there any way to test ftp connection from CLI console to be sure, proxy applience is abble to connect ?


      UPDATE: I have tested ftp conection using lftp console client and it is able to open active ftp connection and parse data. Troubles are still with parsing data from connection open via MWG FTP proxy.

      Another thing is, that there is special settings for lftp (/etc/lftp.conf) to parse data for microsoft ftp service.


      Message was edited by: lubomir.cerny on 5/15/12 12:19:24 PM CEST