Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 712 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Setting up FTP and FTP-bounce attack

JasP

I'm trying to access an FTP server located in our Server Zone from our DMZ Zone (passive mode).

When the server initially responds from port 21 to the initial connection, the connection is being blocked by Sophos XG - "FTP-bounce attack" but I have set FtpBounce Prevention to 'data'.

I'm running SFOS 19.5 MR1

Any suggestions (apart from not use FTP, which I hate, but is the only option in this situation)?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to jprusch

    Thanks for the suggestion but I have already tried the solution "set advanced-firewall ftpbounce-prevention data", as I sort of said in my original post.

    I presume the point of this change is to prevent blocking the initial FTP port negotiation (control) messages (the default is "advanced-firewall ftpbounce-prevention control") but it doesn't seem to be working as it blocks the very first (control) response from the FTP server with the error "FTP-bounce attack".

  • 0 in reply to JasP

    Hi,

    any News? I unfortunately have the same problem.

  • 0 in reply to divkiv

    Hi,

    please create a support case.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Did the support help you with this problem?

  • 0 in reply to divkiv

    No

    I suspect a bug in the software an I need to open a case but that usually involves investing a lot of my time and it isn't a high enough priority ATM.

    We ran into the issue because we moved a printer to a different Zone and it uses FTP to send scans. Fortunately it can also send to mailboxes via SMTP so we are using that ATM. We generally try and avoid FTP because of firewalling issues and SFTP is a much better and more secure solution but this is a fairly old printer and doesn't support it.

Unfiltered HTML