We have a Sophos UTM 9 running in our company. It has a wildcard certificate installed for our domain and subdomain (*.company.com).
At the moment, we have (amongst others) a subdomain ftp.company.com which has firewall and DNAT rules in the UTM for all traffic arriving at port 21 to be transferred to our internal FTP server installed as an IIS role. BUT this only works for unencrypted (non-SSL) traffic.
What I want to do is use the UTM as a reverse FTPs proxy to "ssl unwrap" the incoming FTPs traffic by using our wildcard certificate and then send the "regular" traffic to the FTP server.
Is this technically - and specifically with the UTM - possible?
I have searched the forum and found a lot of information regarding FTPs traffic coming from within the firewalled network but not from outside.
Thank you for your help!
Hallo Ken and welcome to the UTM Community!
There is no reverse FTP proxy available. I would modify your DNAT by replacing the FTP service with a Services Group containing FTP and FTPS, being careful to not violate #5 in Rulz.
Cheers - Bob
In reply to BAlfson:
In reply to chronowerx:
To my knowledge, Ken, there's no plan to add a reverse FTP proxy in either UTM or XG. Perhaps a Sophos employee will see this thread and comment one way or the other.
Yes, UTM can't do the SSL "unwrapping" of inbound FTPS.