CSS/SSL FTP

Oscar Cardiel · ‎07-11-2008

Hi,

I am configuring an FTP SSL connection in the CSS. I have set the ssl-server and applied the ssl-proxy-list to the service and the services to the content. It is not running so, I don't know if a priory I have missed something because I have got a https ssl connection and it is working cool. If I try to connect to the ftp server without apply the ssl and through the CSS it works fine. Any idea to check??... thanks a lot.

ssl-proxy-list SSL-BCN

ssl-server 20

ssl-server 20 cacert INTRANET

ssl-server 20 rsacert INTRANET

ssl-server 20 rsakey INTRANET

ssl-server 20 vip address 10.100.10.4

ssl-server 20 port 990

ssl-server 20 cipher rsa-with-3des-ede-cbc-sha 10.100.10.4 21

active

service sftp

ip address 222.222.0.235

protocol tcp

keepalive port 21

keepalive type tcp

port 21

redundant-index 18

active

service ssl-intranet

type ssl-accel

add ssl-proxy-list SSL-BCN

keepalive type none

slot 3

active

owner Varios

content ftp

vip address 10.100.10.4

protocol tcp

port 21

add service sftp

add dns ftp

application ftp-control

active

content sftp

vip address 10.100.10.4

add service ssl-intranet

application ssl

add dns sftp

port 990

protocol tcp

active

Gilles Dufour · ‎07-15-2008

FTPS is not exactly SSL.

It starts as a normal FTP session and after negotiating SSL it switches to SSL.

Our SSL decode expects SSL from the first packet.

So, you can't use it for FTPS.

Gilles.

Oscar Cardiel · ‎07-16-2008

Thank you for your help Gilles... yes, indeed, I agreed with you.

regards,