This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTP in IE to DMZ-Server takes 5 Min.

Hi there,

I’m running 7.501, Proxy SSO AD, Intrusion Prevention Internal-NW and DMZ-NW.

NAT: internal – external
NAT: internal – DMZ
NAT: DMZ – external
NAT: DMZ – internal

DNAT: T-Source Internal-NW, T-Service FTP, T-Dest. DMZ-NW, Destination DMZ-Server, Dest. Service FTP.

Packet-Filter: Internal-NW -> any -> DMZ-Server – allow.

Exeption Intrusion Prevention: Internal-NW to DMZ-NW.

I can reach http://DMZ-Server (IIS8) without problems, but ftp://DMZ-Server takes more than 5 Min. before the directory gets listed.

Where is my mistake?

tov

ASG 7.501

This thread was automatically locked due to age.

Parents

0 eiras over 16 years ago

Is a IPS problem.
Make a test, change your IPS policy from "Drop Silent" to "Terminate Connection".
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 eiras over 16 years ago

Is a IPS problem.
Make a test, change your IPS policy from "Drop Silent" to "Terminate Connection".
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 tov over 16 years ago in reply to eiras

Bob,
eiras,

IPS-policy was/is "Terminate Connection". No logs in IPS-log.

I tested (with IE8 and Firefox 3.5) and disabled in steps Intrusion Prevention, Masquerading, DNAT but nothing will help.
IPS-log is empty and in HTTP-log you can see the respose time:

2009:10:30-17:45:32 mail httpproxy[19270]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1nn.5" user="***x" statuscode="200" cached="4" profile="REF_JyjVvaUKUk (TEST_PROF)" filteraction="REF_qdPdcrzYpL (TEST_FACT)" size="2042" time="189207 ms" request="0xa90286a8" url="192.168.3n.7/.../html"

Any more ideas?

tov
Cancel
Vote Up 0 Vote Down

Cancel