Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 26 subscribers
  • Views 701 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTP Server behind Firewall - SSL/TLS doesnt work with Scan FTP for Malware

Ian Rogers

Hi, 

I have Filezilla FTP server running behind XG 18.5 firewall.

I have the FTP DNAT rules set up for both port 21 and the PASV ports, and I have been testing using Passive FTP due to the systems that will be connecting to the server.

If I have the setting "Scan FTP for Malware" enabled on the DNAT rule :

  • Passive FTP (Plain FTP only) works if the internet IP address is set to the local IP of the server in the FileZilla Passive Mode configuration,
  • Explicit SSL/TLS connections do not work, the connection times out and the filezilla server shows its just waiting to complete AUTH SSL negotiation.

When I turn off the setting "Scan FTP for Malware" on the DNAT rule:

  • Passive FTP (Explicit SSL/TLS & Plain FTP) works if the internet IP address is set in FileZilla to the WAN IP.

This shows that the FTP helper is doing something in XG, but I dont know how I can get the Explicit SSL/TLS connections working with XG scanning for malware on the FTP connection.

Any ideas?

Thanks

Ian  



This thread was automatically locked due to age.