04-22-2009 09:02 AM - edited 03-11-2019 08:21 AM
I am attempting to establish an FTP connection with an outside vendor FTP server in order to download software patches. The vendor's FTP server switches to Passive FTP mode which means my client has to reconnect to the server using high ports for both the source and destination. The only way that I have found to get the connection to work is to configure an ACE on my Inside interface ACL that allows an "any to any" connection using tcp ports >1023. To me, this causes a conflict with my security policies as any other connection, to a potentially malicious server, can be created.
What is the recommended way to get Passive FTP to work without compromising security? I have FTP mode passive enabled on the ASA and also have FTP Passive enabled within my browser.
Thanks,
Keith
04-22-2009 01:16 PM
"fixup protocol ftp 21".
That will fix your problem without compromising security.
Easy right?
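As an added illustration (not part of the original thread and not Cisco's code), here is a simplified Python model of how FTP inspection can open a one-shot pinhole from the server's passive-mode reply, compared with the broad high-port ACE described in the question. The class and function names, the IP addresses, and the rule that the data endpoint must match the control-session server are assumptions made for this example.

```python
import re

# Simplified model of FTP control-channel inspection; not the ASA implementation.
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) from an RFC 959 '227' reply, or None if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2

class FtpInspector:
    def __init__(self):
        self.pinholes = set()   # one-shot (client_ip, server_ip, server_port)

    def on_control_reply(self, client_ip, server_ip, reply):
        """Inspect a server-to-client reply seen on the port 21 control session."""
        parsed = parse_pasv(reply)
        if parsed is None:
            return False
        ip, port = parsed
        # Example policy (assumption): the data endpoint must be the same
        # server as the control session, and must be a high port.
        if ip != server_ip or port < 1024:
            return False
        self.pinholes.add((client_ip, server_ip, port))
        return True

    def allow_data(self, client_ip, dst_ip, dst_port):
        """Permit a data connection only if a pinhole matches, then consume it."""
        key = (client_ip, dst_ip, dst_port)
        if key in self.pinholes:
            self.pinholes.remove(key)
            return True
        return False

def broad_acl_allows(dst_port):
    """The workaround ACE from the question: any to any, tcp ports > 1023."""
    return dst_port > 1023
```

With inspection, only the exact address and port announced on the control channel is reachable, and only once; the broad ACE admits any high-port destination.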
04-23-2009 04:16 AM
Yes, this was easy and resolved my problem. I really appreciate the assistance.
Thanks,
Keith