This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Anyone using Standard-Mode FTP Proxy?

For Web Proxy, standard mode provides multiple technical benefits, so I assumed that standard mode FTP proxy would be preferable to transparent-mode FTP proxy.   My testing has challenged that assumption.

My favorite test site has been to open a web page to ftp://ftp.astaro.com, because it is also accessible as an http page.

When I enable ftp proxy mode = Both, and then configure my proxy script to direct "ftp://' traffic to Utmaddress:2121, I most often get a hang condition - nothing displays, and no error message.

In the FTP Proxy log, I see a connect event from my IP address.   The logging is a disappointment because it has no information about what was done in the connection, just session open and session close entries with my source IP address but without any target URL or address data.   Nothing is logged in the web filter log (which is expected).

By comparison, if I use transparent ftp proxy, my proxy script routes it to the web filter proxy port of 8080, the target URL is captured in the web filter log, and the page displays.

One caveat:   For FTP sites, Chrome does not pass NTLM information to UTM successfully, so the connection can be blocked for lack of credentials.   Sophos Support thinks it is Google's fault.  Since Chrome is probably our most-used browser, I have a web filtering exception to bypass authentication  for ftp sites.

So my questions are:

  • Can Standard Mode FTP proxy work in a web browser to connect to an anonymous FTP site?
  • Is there additional logging information captured somewhere other than the FTP proxy log?

I have an open support ticket, but wondered if I would get a quicker and better answer here.



This thread was automatically locked due to age.
Parents
  • Level 1 support was unable to explain my symptoms and they are escalating my case.   It appears that ftp is not a hot topic for their call center, which matches the silence in this forum.   However, it seems entirely reasonable to assume that malware will try to use ftp, so I need a plan to defend against it (while still allowing access to legitimate internet download sites that switch the browser over to anonymous ftp).

  • Doug, I use "Both" - Transparent is for use with browsers and Non-Transparent (standard) is for use with clients like FileZilla.  Do not send browser traffic to the Non-Transparent proxy.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Doug, I use "Both" - Transparent is for use with browsers and Non-Transparent (standard) is for use with clients like FileZilla.  Do not send browser traffic to the Non-Transparent proxy.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data