Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 1 subscriber
  • Views 2763 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro Security Gateway 7 and Active Mode FTP Connections

neeraj
Hello,

I have setup Astaro Security Gateway 7 and except two things it is running fine. First FTP does not connect in "Active Mode" they only connect in Passive mode but my FTP Server does not support Passive mode.

Second we use Skype and when doing voice chat, voice get chopped and not so clear. Also when doing file transfer it always get replayed so speed turns to be very slow. While not using Astaro Gateway everything works fine with Skype.

Thanks in advance.


This thread was automatically locked due to age.
  • 0
    Version 7.405?

    Please show a picture of your DNAT to your FTP server.  Also, the lines in the packet filter log when an access is blocked.

    Are you controlling Skype in IM/P2P?  What setting do you have?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hello,

    In IM/P2P, I have even not enabled IM part, also tried completely disabling IM/P2P section but no help.

    Everytime file transfers it shows relayed transfer and speed gets very slow, even in voice chat, voice chops.

    For the DNAT picture, sorry I don't have access to that area.

    Thanks
  • 0
    Picture of 'DNAT/SNAT' tab in 'Network Security >> NAT' showing the DNAT to your FTP server.

    Lines from 'Packet Filter' log ('Logging >> View Log Files') showing dropped packets.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    @BAlfson

    Attached are the log for dropped packets of ftp connection and screen shot of DNAT/SNAT.

    Any words on the IM (skype) voice chat problem ?

    Thanks
  • 0
    FTP: Now I understand - I thought you meant that you had an internal FTP server that you were offering to the public.  Now, I understand that you are trying to reach an external webserver from a PC in your internal network.  To be able to do FTP accesses from inside your network, you can enable the FTP Proxy or create a packet filter rule 'Internal (Network) -> FTP -> Any : Allow', but you don't need both.

    Since the title of this thread is about FTP, I suggest you open a new thread with your Skype question.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Same problem here.
    My FTP only operating in passive mode. On Windows Explorer (Active mode) i give a timeout message. Any ideas?
  • 0
    Look in the Packet Filter log.  What traffic is being blocked?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    There appears no log block, apparently the rule works. I tested in the commmand.exe using the ftp.exe and FTP works (passive mode, port 21), but not by Windows Explorer. Everything worked well in the 7405 version, the upgrade for 7500 started this problem. [:(]
  • 0
    What do you have in place instead of the Astaro gateway, when you say " While not using Astaro Gateway everything works fine with Skype.".

    What system is in use instead of the ASG then? A different firewall? An internet router? nothing ?
  • 0
    Is the IPS. I turn it disabled and the FTP back to work again.

    :/

    Analising this now...