
FTPS Reverse Proxy with UTM possible and if yes, how?

Hi everybody,

we have a Sophos UTM 9 running in our company. It has a wildcard certificate installed for our domain and subdomain (*.company.com).

At the moment, we have (amongst others) a subdomain ftp.company.com which has firewall and DNAT rules in the UTM for all traffic arriving at port 21 to be transferred to our internal FTP server installed as an IIS role. BUT this only works for unencrypted (non-SSL) traffic.

What I want to do is use the UTM as a reverse FTPS proxy to "SSL unwrap" the incoming FTPS traffic by using our wildcard certificate and then send the "regular" traffic to the FTP server.

Is this technically - and specifically with the UTM - possible?

I have searched the forum and found a lot of information regarding FTPS traffic coming from within the firewalled network but not from outside.

Thank you for your help!

Regards, Ken



This thread was automatically locked due to age.
  • Hallo Ken and welcome to the UTM Community!

    There is no reverse FTP proxy available.  I would modify your DNAT by replacing the FTP service with a Services Group containing FTP and FTPS, being careful to not violate #5 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, please excuse the delay and thank you for your answer. Do you know if this feature is planned at some point? Also, if I understand correctly, your solution would require the IIS to be outfitted with an SSL certificate. Regards, Ken
  • To my knowledge, Ken, there's no plan to add a reverse FTP proxy in either UTM or XG.  Perhaps a Sophos employee will see this thread and comment one way or the other.

    Yes, UTM can't do the SSL "unwrapping" of inbound FTPS.

    Cheers - Bob

     