
Active FTP over TLS doesn't work

Hello everyone, 

I've been having trouble since I tried to configure my FTP client with an active connection instead of a passive one. My FTP client is Cobian Backup 11, with which I'm using a TLS connection with the following settings:

And I use FileZilla as the FTP server. I won't provide its settings; there are too many. However, I'm pretty sure that the problem isn't coming from FileZilla because I'm able to set up a TLS connection in active FTP mode with another FTP client that's not behind my Sophos UTM, using the same Cobian settings.

I should mention, by the way, that when I disable the TLS connection, I manage to use the FTP active mode.

To understand the problem, I first used Wireshark on my FTP server. First, I established a connection with my FTP client behind the Sophos, and I saw this:

I'm not able to understand this Wireshark report, which appears in the last layer (TCP), but I guess that the acknowledgment that the client replied with isn't good.

To compare, here is the Wireshark capture at the same line with the working FTP client (without UTM):

Here there is no problem in the acknowledgment reply. We can see that there isn't any "Options" line between the "Flags" and "SEQ/ACK analysis" lines, compared with the other capture. What is it?

Then, after using Wireshark, I looked at the firewall logs of my FTP server and of the FTP client that doesn't work. There is something very strange here:

We can see that my FTP server (10.69.1.4) is sending something from port 20 to port 31 000 of the FTP client. However, when I look at the firewall logs of my client, this packet doesn't appear.

I don't understand what's going on here, if you have any idea you're welcome. Thanks for your help.



  • Salut Manu,

    Is Cobian capable of using the UTM's FTP Proxy on port 2121? If so, what do you see in the FTP Proxy log related to your issue?

    Cheers - Bob
    PS You're new here, so you wouldn't know that it's easy to drag pictures directly into your post. We can't know if that external site is properly protected. The only malware I've gotten in over 10 years was from an external link to a picture in this forum several years ago. Please Edit your post, and insert your images into it. Thanks in advance!

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA