
SEP firewall is blocking outbound ftp connections

Updated: 22 May 2010 | 3 comments
This issue has been solved. See solution.

Hello,

I am running SEP client 11.0.4016.26 and 11.0.40834.173 with a firewall policy. My policy allows all outbound ftp connections. However, the firewall is not truly allowing the connections out. First I see an entry in the log allowing the outbound connection where source is the endpoint and the destination is the ftp server. The destination port is tcp 21. Then almost immediately afterwards, I see a block of an outbound connection. The only difference is I see an outbound connection to the same ftp server over a seemingly random high port. If I configure my browser to use a proxy server or if I disable ntp on the client, I am able to download the file from the ftp server. I never had this problem when I was using another software firewall, and I am not willing to open allow high ports out to all ftp servers to get the ftp connections to be allowed by the policy. Does anyone know of a way to deal with this issue?

Thanks in advance.

BzlBob

Comments

Vikram Kumar-SAV to SEP | 12 Nov 2009

In the Traffic Log, can you check which firewall rule is blocking it? It will be at the end of the log.
Once you know the rule, then fine-tune it so that it doesn't block this traffic.

Scott_Lockington | 12 Nov 2009

Hi BzlBob1, 

If you already considered this, please disregard, but it sounds like your client is using passive FTP; connections as you described are normal when you are FTPing in that mode.

http://slacksite.com/other/ftp.html#basics

Here's some info from the link above:

In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
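
To make the passive-mode exchange described above concrete, here is an added example (not part of the original post and not SEP's own logic): it parses the server's 227 reply to PASV and labels outbound connections the way an FTP-aware filter could, permitting only the one high port announced on the control channel instead of all high ports. The addresses, sample replies and function names are constructed for illustration.

```python
import re

# RFC 959 reply to PASV: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv_reply(line):
    """Return (ip, port) announced by a 227 reply, or None if it is not a valid one."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: do not derive a pinhole from it
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port P = p1*256 + p2
    return ip, port

def classify_outbound(control_replies, connections, server_ip):
    """Label each outbound (dst_ip, dst_port) as control, passive-data or not-ftp."""
    announced = set()
    for line in control_replies:
        ep = parse_pasv_reply(line)
        # Trust only an unprivileged port on the server already contacted on port 21
        if ep and ep[0] == server_ip and ep[1] > 1023:
            announced.add(ep)
    labels = []
    for dst in connections:
        if dst == (server_ip, 21):
            labels.append("control")
        elif dst in announced:
            labels.append("passive-data")
        else:
            labels.append("not-ftp")
    return labels

# Constructed sample data (documentation addresses, not taken from the thread)
SERVER = "192.0.2.10"
REPLIES = ["220 FTP server ready",
           "227 Entering Passive Mode (192,0,2,10,195,80)"]
CONNS = [(SERVER, 21), (SERVER, 50000), (SERVER, 50001), ("198.51.100.7", 50000)]

if __name__ == "__main__":
    for dst, label in zip(CONNS, classify_outbound(REPLIES, CONNS, SERVER)):
        print(dst, label)
```

Only the connection to port 50000 on the FTP server is treated as the data channel; the same high port on another host, or a different high port on the same server, is not.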

BzlBob1 | 12 Nov 2009

Solved my problem

That was it.  I configured IE not to use IE and I had no problem with downloading the file.  Thanks!!!!!