
passive ftp

Status
Not open for further replies.

mmaleh

IS-IT--Management
Jun 18, 2003
67
US
Hello,
I have a Symantec 200 with an FTP server behind it. Some of my clients have a hard time connecting to it. They are prompted for a username and password, and then the FTP site just hangs with the flash light and eventually gets a time-out error. Most people have no problems, but I suspect this has something to do with passive or active FTP. My FTP server is set up to allow both, but how can I pass both through my 200? Any thoughts? Thanks!
-m
 
"with the flash light" sounds like Internet Explorer, so my first thoughts are to make sure that IE is fully patched and, in the Advanced Options, make sure that 'enable folder view for FTP' is enabled as well as 'Use passive FTP'. If some users can get through the firewall appliance and others can't, it's probably a client-side issue.
 
Well, I did some tests and I know it's a passive issue on my side: my server is allowing passive but my router/firewall is not. It's blocking the outgoing ports for passive. Do you know if I can open passive ports on the Symantec 200 manually?
Thanks!
-m
 
I would think so, but I'm not familiar with that device. But... passive FTP ports could cover a very large range. You might first want to limit your server to a small range of ports, then you will only need to open a smaller range on the firewall.
 
We have been experiencing similar problems with our Symantec Firewall/VPN 100. I investigated it on the Symantec support site and found the following:

Solution:
Only active FTP connections are supported for inbound FTP Virtual Servers.

This is because passive FTP mode requests that the client and server connect to each other's own IP addresses and specified ephemeral ports (ports greater than 1024). The return data from the FTP server includes its own IP address (in this case, a non-Internet-routable address). The passive FTP client attempts to contact the FTP server address, and not the public address used in the original connection attempt.

Passive FTP also requires that inbound ports be open to permit data connections on ports within the ephemeral port range. Because the data connections are created on a large range of ports and are unpredictable, opening your security gateway to inbound traffic of this nature is not feasible.

Symantec Enterprise Firewall, Symantec VelociRaptor, as well as Symantec Gateway Security 1.0 and Symantec Gateway Security 5400 Series appliances support both active and passive inbound connections, if you need passive access to an internal FTP server.
 