Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 965 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTP in IE to DMZ-Server takes 5 Min.

tov
Hi there, 

I’m running 7.501, Proxy SSO AD, Intrusion Prevention Internal-NW and DMZ-NW.

NAT: internal – external
NAT: internal – DMZ
NAT: DMZ – external
NAT: DMZ – internal

DNAT: T-Source Internal-NW, T-Service FTP, T-Dest. DMZ-NW, Destination DMZ-Server, Dest. Service FTP.

Packet-Filter: Internal-NW -> any -> DMZ-Server – allow.

Exeption Intrusion Prevention: Internal-NW to DMZ-NW.

I can reach http://DMZ-Server (IIS8) without problems, but ftp://DMZ-Server takes more than 5 Min. before the directory gets listed.

Where is my mistake?

tov

ASG 7.501


This thread was automatically locked due to age.
Parents
  • 0
    tov, try creating an exception in IPS for a Source of 192.168.1nn.0/24.  The other problem could be the A-V scan, so try putting 192.168.3n.0/24 into the transparent mode skiplist, or making an A-V exception for it.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    tov, try creating an exception in IPS for a Source of 192.168.1nn.0/24.  The other problem could be the A-V scan, so try putting 192.168.3n.0/24 into the transparent mode skiplist, or making an A-V exception for it.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data