
Anyone using Standard-Mode FTP Proxy?

For Web Proxy, standard mode provides multiple technical benefits, so I assumed that standard mode FTP proxy would be preferable to transparent-mode FTP proxy.   My testing has challenged that assumption.

My favorite test site has been to open a web page to ftp://ftp.astaro.com, because it is also accessible as an http page.

When I enable ftp proxy mode = Both, and then configure my proxy script to direct "ftp://" traffic to Utmaddress:2121, I most often get a hang condition - nothing displays, and no error message.

In the FTP Proxy log, I see a connect event from my IP address.   The logging is a disappointment because it has no information about what was done in the connection, just session open and session close entries with my source IP address but without any target URL or address data.   Nothing is logged in the web filter log (which is expected).

By comparison, if I use transparent ftp proxy, my proxy script routes it to the web filter proxy port of 8080, the target URL is captured in the web filter log, and the page displays.

One caveat: For FTP sites, Chrome does not pass NTLM information to UTM successfully, so the connection can be blocked for lack of credentials. Sophos Support thinks it is Google's fault. Since Chrome is probably our most-used browser, I have a web filtering exception to bypass authentication for ftp sites.

So my questions are:

  • Can Standard Mode FTP proxy work in a web browser to connect to an anonymous FTP site?
  • Is there additional logging information captured somewhere other than the FTP proxy log?

I have an open support ticket, but wondered if I would get a quicker and better answer here.



  • Level 1 support was unable to explain my symptoms and they are escalating my case.   It appears that ftp is not a hot topic for their call center, which matches the silence in this forum.   However, it seems entirely reasonable to assume that malware will try to use ftp, so I need a plan to defend against it (while still allowing access to legitimate internet download sites that switch the browser over to anonymous ftp).

  • Doug, I use "Both" - Transparent is for use with browsers and Non-Transparent (standard) is for use with clients like FileZilla.  Do not send browser traffic to the Non-Transparent proxy.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
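
The routing described in this thread, as an added example that is not part of the original posts: a proxy auto-config (PAC) script that sends browser `ftp://` URLs to the web filter proxy on port 8080 and never to the standard-mode FTP proxy on port 2121. The hostname `utm.example.internal` is a placeholder, and the DIRECT rules for dotless hosts and other schemes are assumptions.

```javascript
// Added example, not code from the thread.
// Assumptions: "utm.example.internal" is a placeholder for the UTM address.
// Ports come from the thread: 8080 = web filter proxy, 2121 = standard-mode
// FTP proxy. Port 2121 is meant for FTP clients such as FileZilla, which are
// configured in the client itself, so this script never returns it.
var UTM_HOST = "utm.example.internal"; // placeholder
var WEB_PROXY = "PROXY " + UTM_HOST + ":8080";

// Extract the URL scheme in lower case; browsers may pass it in any case.
function schemeOf(url) {
  var m = /^([a-z][a-z0-9+.\-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : "";
}

// Standard PAC entry point, called by the browser for every request.
function FindProxyForURL(url, host) {
  // Dotless hosts are treated as internal and bypass the proxy (assumption).
  if (host.indexOf(".") === -1) {
    return "DIRECT";
  }

  switch (schemeOf(url)) {
    case "ftp":
      // Browser FTP goes through the web filter proxy, so the target URL
      // lands in the web filter log and the page renders in the browser.
      return WEB_PROXY;
    case "http":
    case "https":
      return WEB_PROXY;
    default:
      // Anything else is left alone (assumption).
      return "DIRECT";
  }
}
```
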