Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

FTP over SSL Through the Firewall

I could use a bit of assistance in getting FTPs working through my PIX. It seems that the control connection is encrypted and the firewall doesn't seem to be able to figure out what to do with the connection.

Would anyone happen to know a way around this issue?



Re: FTP over SSL Through the Firewall

find a different product. there is no real standard for encrypting ftp, so a lot of vendors do it different ways. The pix thus cannot have application level proxies for it (the way it does for standard ftp) because the permutations are near infinite. It sounds like your application will probably dynamically assign ports, and thus not work well without opening them all up. Look for a solution that makes just one socket connection through one port - OpenSSH's scp does this, I am not sure if their sftp impletementation does. WinSCP is a very good windows gui explorer-like scp application.

Community Member

Re: FTP over SSL Through the Firewall

Unfortunately, this type of connection is being dictated to us by our customers and the option to switch to a different solution isn't available. We do have some sftp implementations in place, and they are certainly prefered.

You've guessed correctly about the dynamically assigned ports. Is there any way I can narrow what I allow through a bit as opposed to allowing things to be wide open in both directions? In our scenario, it will be our users connecting to a client's ftp server out on the Internet.

CreatePlease to create content