Announcement

Collapse
No announcement yet.

How to find which module is blocking a Passive FTPS session?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    How to find which module is blocking a Passive FTPS session?

    If I set the host to be bypassed then the FTPS session works, however, when not bypassed then something is blocking it. I can't seem to find any entries as to what that something is though.

    Here's the Pipleline for the blocked session: ftp-control-client-side,nat-ftp-ctl,virus-ftp-ctl,virus-ftp-ctl,ftp-control-server-side,threat-prevention-other,firewall,capture-octet,wireguard-vpn,openvpn,wan-balancer,application_control-raw,bandwidth,router
    Tags: None
  • #2
    Is the FTPS server on the LAN side or WAN?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]

    Comment

    • #3
      It's possible nothing is blocking it. It seems like some remote services are sensitive to the way this type of firewall (not just Untangle!) tears down and rebuilds packets. This isn't necessarily even about the type of service (most FTPS hosts might do fine) but could even be a specific provider's installation.
      Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5.2 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty

      Comment

      • #4
        Originally posted by jcoffin View Post
        Is the FTPS server on the LAN side or WAN?
        The FTP server is on the WAN side.

        Comment

        • #5
          Originally posted by jcoehoorn View Post
          It's possible nothing is blocking it. It seems like some remote services are sensitive to the way this type of firewall (not just Untangle!) tears down and rebuilds packets. This isn't necessarily even about the type of service (most FTPS hosts might do fine) but could even be a specific provider's installation.

          I suppose that's also possible. We're using FileZilla server and have been for over a decade now with ~5000 customers so it's very well tested and has been very reliable

          I just noticed that when we put Untangle in at our office that FTPS no longer worked as it just times out when the TLS connection starts, however, other firewalls like Sonicwall (I know that several hundred or thousand of the customers use them) are fine.

          I'm guessing just bypassing FTP to the subnet our FTP servers are on may be the only option at this point?
          Last edited by jlficken; 09-18-2023, 06:52 AM.

          Comment

          • #6
            The virus blockers are the largest culprits, they can and do by default muck with FTP pretty hard.
            Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
            NexgenAppliances.com
            Phone: 866-794-8879 x201
            Email: [email protected]

            Comment

            • #7
              It's been a long time since I've heard about FileZilla, but if memory serves, it has to be bypassed to work. Even if no apps are acting on it, the transition to and from the UVM itself breaks those connections.

              To answer the thread question itself, use Reports: Troubleshooting blocks in NG Firewall using Reports
              Græme Ravenscroft • Technical Marketing Engineer
              ('gram', like the unit of measurement)
              he/him
              How can we make Arista ETM products better?

              Comment

              Previous template Next
              Working...
              X
              😀
              🥰
              🤢
              😎
              😡
              👍
              👎