Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 24 replies
  • Subscribers 8 subscribers
  • Views 40592 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using Explicit FTP over TLS

Owen

I have spent quite some time searching for a solution to this issue, but alas, I have not found one.
What I want to do seems like it should be a simple task, but I am having no success in getting it to work.

I am using Filezilla as a FTP client behind my Sophos UTM (v9.409-9 - home license) to connect to external FTP servers (for management of external websites).

When I try to use "Use explicit FTP over TLS if available" as my encryption option it authenticates to the FTP server but fails to do a directory listing.

Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Command:    PWD
Response:    257 "/" is your current location
Command:    TYPE I
Response:    200 TYPE is now 8-bit binary
Command:    PASV
Response:    227 Entering Passive Mode (98,142,97,58,165,21)
Command:    MLSD
Error:    Connection timed out after 20 seconds of inactivity
Error:    Failed to retrieve directory listing

If I use "Only use plain FTP (insecure)" as my encryption option everything works fine, but that is not the way I would prefer to connect to the FTP servers.

I have viewed the firewall log while trying to connect using Explicit FTP over TLS, but I see absolutely no indication of this in the live log.
Surely I am not the only person that has this issue.

 

So... my question is a simple one.
How do I configure the UTM to allow me to use Explicit FTP over TLS to connect to an external FTP server when using Filezilla?

 



This thread was automatically locked due to age.
Parents
  • +1

    BigO, this is what you need:

    Works like a charm!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I have enabled FTP Proxy, Internal (network) is allowed, Operation Mode set to both, hosts allowed set to Any

    When i try to connect to ftp from Filezilla or ftp (commandline client) on Windows i get Connetion timed out.

    No traffic in the firewall logs and no traffic in FTP Proxy logs.

    After disabling FTP Proxy i can see traffic in the firewall logs

     

    I'm a doing something wrong? Why the Transparent mode doesn't work?

  • 0 in reply to stn

    Andrezej, I use FileZilla in explicit proxy mode - it's configured to use port 2121.  I haven't tried using FTP in Transparent with an FTP client - only when using a browser with Web Filtering also in Transparent.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to stn

    Andrezej, I use FileZilla in explicit proxy mode - it's configured to use port 2121.  I haven't tried using FTP in Transparent with an FTP client - only when using a browser with Web Filtering also in Transparent.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
Unfiltered HTML