This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTP in IE to DMZ-Server takes 5 Min.

Hi there,

I’m running 7.501, Proxy SSO AD, Intrusion Prevention Internal-NW and DMZ-NW.

NAT: internal – external
NAT: internal – DMZ
NAT: DMZ – external
NAT: DMZ – internal

DNAT: T-Source Internal-NW, T-Service FTP, T-Dest. DMZ-NW, Destination DMZ-Server, Dest. Service FTP.

Packet-Filter: Internal-NW -> any -> DMZ-Server – allow.

Exeption Intrusion Prevention: Internal-NW to DMZ-NW.

I can reach http://DMZ-Server (IIS8) without problems, but ftp://DMZ-Server takes more than 5 Min. before the directory gets listed.

Where is my mistake?

tov

ASG 7.501

This thread was automatically locked due to age.

Parents

0 BAlfson over 16 years ago

Maybe the problem is related to the reason you have masq rules between DMZ and Internal as those two rules shouldn't be needed.

7.5 has a much more robust set of IPS rules than earlier versions; is there anything in the Intrusion Protection log?

Are both the http and ftp accesses being done with a browser? Which one?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 16 years ago

Maybe the problem is related to the reason you have masq rules between DMZ and Internal as those two rules shouldn't be needed.

7.5 has a much more robust set of IPS rules than earlier versions; is there anything in the Intrusion Protection log?

Are both the http and ftp accesses being done with a browser? Which one?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data