My understanding is that any firewall needs to monitor the FTP control port to know which dynamic ports to open. Since in secure FTP the control port is also encrypted, the firewall cannot monitor the control port, so it is not possible to access a secure FTP site from behind a firewall. Is there any workaround?
In my experience, SFTP usually runs over port 22 (ssh) or sometimes port 990. It does not do the same dynamic port allocation that standard FTP uses, so you should not have a problem through a firewall. If you know the type of SFTP server you wish to access I may be able to give more specifics.
Thanks for the post. Essentially this is a Windows 2003 server with ISA firewall. Access from behind the firewall to secure FTP sites does not work. I got the port 22 (not port 990) information too, but the articles are making a distinction between Secure FTP/SSL and SFTP/SSH. At the moment all I can think of is to open up ports 22 and 990 (inbound and outbound) on the ISA firewall and hope for the best. Apparently Secure FTP/SSL does use dynamic ports, or am I wrong? What kind of SFTP/SSH clients are available for Windows?
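
The control-channel inspection discussed in the posts above, as an added example that is not part of the original thread: a sketch of how an FTP-aware firewall learns data ports from PASV/EPSV/PORT lines, and where that stops once explicit FTPS (AUTH TLS) is negotiated. The function name, host name, addresses and session lines are constructed for illustration.

```python
import re

# 227 reply (RFC 959): (h1,h2,h3,h4,p1,p2), data port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# 229 reply (RFC 2428): (|||port|)
EPSV_RE = re.compile(r"^229 .*\(\|\|\|(\d+)\|\)")
# Active-mode PORT command sent by the client
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", re.I)
AUTH_RE = re.compile(r"^AUTH (TLS|SSL)\b", re.I)


def learned_data_ports(control_lines):
    """Return (ports, went_opaque) for a list of (direction, text) tuples.

    direction is "C" (client) or "S" (server). Once the server answers
    AUTH TLS with 234, the rest of the control channel is ciphertext to
    the firewall, so inspection stops there.
    """
    ports, auth_pending = [], False
    for direction, text in control_lines:
        if direction == "C":
            auth_pending = bool(AUTH_RE.match(text))
            if m := PORT_RE.match(text):
                ports.append(int(m[5]) * 256 + int(m[6]))
        elif auth_pending and text.startswith("234"):
            return ports, True
        elif m := PASV_RE.match(text):
            ports.append(int(m[5]) * 256 + int(m[6]))
        elif m := EPSV_RE.match(text):
            ports.append(int(m[1]))
    return ports, False


# Constructed sample sessions (not captured traffic).
PLAIN_FTP = [
    ("S", "220 ftp.example.test ready"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,149)"),
    ("C", "EPSV"),
    ("S", "229 Entering Extended Passive Mode (|||50070|)"),
]
EXPLICIT_FTPS = [
    ("S", "220 ftp.example.test ready"),
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation"),
    ("C", "<TLS record, opaque to the firewall>"),
    ("S", "<TLS record, opaque to the firewall>"),
]

if __name__ == "__main__":
    print(learned_data_ports(PLAIN_FTP))      # ([50069, 50070], False)
    print(learned_data_ports(EXPLICIT_FTPS))  # ([], True)
```

The second result shows why a firewall that depends on control-channel inspection cannot open FTPS data ports dynamically: it has to be given the server's passive port range as a static rule instead.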