Scan ftp for malware

Hello.

Recently I did an update to SFOS v18. One of my rules is for an FTPS server. The problem is that when I set "scanftpformalware" I can't connect to my FTP server. The app is saying "ssl handshake timed out". Is there any clue on that? ;)

Logs from FILEZILLA:

14:08:58 Status: Connection established, waiting for welcome message...
14:08:58 Response: 220 NASFTPD Turbo station 1.3.5a Server (ProFTPD)
14:08:58 Command: AUTH TLS
14:08:58 Response: 234 AUTH TLS successful
14:08:58 Status: Initializing TLS...

 

15:48:36 Status: Connection established, initializing TLS...
15:48:36 Error: GnuTLS error -15: An unexpected TLS packet was received.
15:48:36 Status: Connection attempt failed with "ECONNABORTED - Connection aborted".
15:48:36 Error: Could not connect to server

 

My guess is that there is something messy with DPI for that traffic, because the traffic must be inspected to check for malware. Maybe you have some ideas?



  • Roman,

    Can you check that the following FTP commands have been maintained during the upgrade?

  • The case is that I'm not using active mode but passive. The port range is 65536-65539 and the service port is 21 <--- maybe the problem is that I'm using the active port (21) in passive mode, because the default is 990 if I remember correctly ;)

     

    And more important, what does this command do? Will the traffic be inspected as intended? ;)

    set advanced-firewall ftpbounce-prevention data

     

    INFO FROM CONSOLE:

    set service-param FTP add port 21
    ---> Can't configure port 21 as non-standard-port.

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • Ok, somehow it's working. But from my point of view I thought it was going to inspect the traffic. So I did some testing: I tried to upload a "malware" <-- a file from eicar.org, and the file was sent without any problem.. hm. The same is with HTTPS on port 8443.


    show service-param
    Service Ports
    ------- -----
    HTTPS 8443
    FTP 990
    ------------------------------------
