ISA 2006 FTP ISSUE
-
Friday, January 04, 2013 5:19 PM
Hi All,
We have set up ISA firewall in our organization for exposing the websites in the internet.
The ISA version is 2006 and it seems to work fine for HTTP and HTTPS URLs. I have a requirement of hosting an INTERNAL FTP site through ISA firewall and I seem to find it difficult to do the same. The ISA runs in a server with single NIC card and I am not in a position to do server publishing. I have tried WEB SERVER PUBLISHING and I chose FTP SERVER in the bridging. The port 21 seems to be accessible in the below fashion,
LOCAL FTP SERVER[ running in port 21] <----------------ISA SERVER
ISA SERVER[PORT 21 is opened in it]<----------------------- External user
I also read that the external hit has to be using HTTP protocol which ISA will redirect to the FTP site using FTP. I am not sure if my understanding is right. I find that the rule is getting triggered when I call the DNS name for the FTP rule from internet. It loops for a while and fails with errors like below,
Error Code: 500 Internal Server Error. The operation timed out. The remote server did not respond within the set time allowed. The server might be unavailable at this time. Try again later or contact the server administrator. (12002)
I am not sure if there is a configuration issue or if I cannot create a rule for FTP server from ISA without having another NIC card.
Requesting your inputs and suggestions which would help me tackle the issue.
All Replies
-
Friday, January 04, 2013 5:40 PM
Hi,
Create a non-Webserver publishing rule to publish the internal FTP Server and use the FTP-Server protocol definition:
http://technet.microsoft.com/en-us/library/bb794758.aspx
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
-
Saturday, January 05, 2013 1:35 AM
Hi Marc,
Thanks for your response. As mentioned earlier I have only a single NIC card which is already in use. Will I still be able to follow the approach you have specified?
Balaji.G
-
Monday, January 07, 2013 1:03 PM
No.
Single NIC only supports web publishing and standard FTP publishing (tunneled in HTTP, e.g. HTTP requests forwarded to FTP server).
It does not support server publishing which is required for custom protocols.
For ref see http://technet.microsoft.com/library/cc302586.aspx#UnsupportedScenarios
I know that the article says it applies to ISA 2004 but it applies to ISA 2006, can't find my way back to the 2006 version of this article (if one exists, memory is faint...).
Hth, Anders Janson Enfo Zipper
- Edited by Anders Janson Monday, January 07, 2013 1:09 PM Incorrect.
- Proposed As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator) Wednesday, January 09, 2013 1:55 AM
- Marked As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator) Thursday, January 10, 2013 2:47 AM
-
Monday, January 07, 2013 4:13 PM
Hi Anders,
Thanks for your reply. We might probably try for server publishing by procuring another NIC. Thanks to both of you for the response. We might even opt for TMG. Please do share your inputs regarding the option of moving to TMG 2010 from ISA.
Balaji.G
-
Tuesday, January 08, 2013 2:17 AM Moderator
Hi,
Thank you for the post.
“We might even opt for TMG.” - As far as I know, TMG has the same behavior, server publishing is not supported in single NIC. If you want to migrate from ISA 2006 to TMG Server, please see: http://technet.microsoft.com/en-us/library/dd440994.aspx
Regards,
Nick Gu - MSFT
- Edited by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator) Tuesday, January 08, 2013 2:18 AM
- Proposed As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator) Wednesday, January 09, 2013 1:55 AM
- Marked As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator) Thursday, January 10, 2013 2:47 AM
-
Thursday, January 10, 2013 12:31 PM
TMG has the exact same behavior in this scenario.
Nothing changed between ISA 200x and TMG here.
Hth, Anders Janson Enfo Zipper

