Endpoint Protection

  • 1.  SEP firewall is blocking outbound ftp connections

    Posted Nov 12, 2009 08:49 AM
    Hello,

    I am running SEP client 11.0.4016.26 and 11.0.40834.173 with a firewall policy. My policy allows all outbound ftp connections. However, the firewall is not truly allowing the connections out. First I see an entry in the log allowing the outbound connection, where the source is the endpoint and the destination is the ftp server. The destination port is tcp 21. Then, almost immediately afterwards, I see a block of an outbound connection. The only difference is that I see an outbound connection to the same ftp server over a seemingly random high port. If I configure my browser to use a proxy server, or if I disable ntp on the client, I am able to download the file from the ftp server. I never had this problem when I was using another software firewall, and I am not willing to allow high ports out to all ftp servers to get the ftp connections to be allowed by the policy. Does anyone know of a way to deal with this issue?

    Thanks in advance.

    BzlBob


  • 2.  RE: SEP firewall is blocking outbound ftp connections

    Posted Nov 12, 2009 08:59 AM
    In the Traffic Log, can you check which Firewall Rule is blocking it? It will be at the end of the log.
    Once you know the rule then fine tune it so that it doesn't block this traffic.


  • 3.  RE: SEP firewall is blocking outbound ftp connections
    Best Answer

    Posted Nov 12, 2009 11:16 AM
    Hi BzlBob1, 

    If you already considered this please disregard, but it sounds like your client is using passive FTP; connections as you described are normal when you are FTPing in that mode.

    http://slacksite.com/other/ftp.html#basics

    Here's some info from the link above:

    In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
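As an added example (not code from this thread or from SEP), this Python sketch parses the 227 reply with which an FTP server announces the passive data port (the "PORT P" of the quote above, in RFC 959 form), then runs both outbound connections through a constructed first-match rule set like the poster's that allows only tcp/21: the control connection is allowed and the data connection to the high port is blocked, which is the allow-then-block pair seen in the log. The ftp_inspection flag shows the alternative to opening all high ports, a firewall that reads the 227 reply and opens only the announced host:port; the rule names, addresses and reply text are constructed samples.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RFC 959 passive-mode reply, e.g. "227 Entering Passive Mode (192,0,2,10,195,80)".
PASV_REPLY = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv_reply(line: str) -> Tuple[str, int]:
    """Return the (host, port) announced in a 227 reply; port = p1 * 256 + p2."""
    m = PASV_REPLY.match(line.strip())
    if not m:
        raise ValueError(f"not a 227 passive-mode reply: {line!r}")
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

@dataclass(frozen=True)
class Rule:
    name: str
    dst_host: Optional[str]  # None matches any host
    dst_port: Optional[int]  # None matches any TCP port
    action: str              # "allow" or "block"

def evaluate(rules: List[Rule], dst_host: str, dst_port: int) -> Tuple[str, str]:
    """First-match evaluation of one outbound TCP connection; unmatched traffic is blocked."""
    for r in rules:
        if r.dst_host in (None, dst_host) and r.dst_port in (None, dst_port):
            return r.name, r.action
    return "implicit deny", "block"

def passive_session(rules, server, pasv_reply, ftp_inspection=False):
    """Log the verdicts for the two outbound connections a passive-mode client makes.
    With ftp_inspection=True the 227 reply is parsed and only the announced host:port
    is opened for the data connection (stateful FTP handling), so the policy never
    has to allow arbitrary high ports to every FTP server."""
    log = []
    name, action = evaluate(rules, server, 21)
    log.append(f"{action} tcp {server}:21 control ({name})")
    host, port = parse_pasv_reply(pasv_reply)
    if ftp_inspection and action == "allow":
        rules = [Rule("FTP data pinhole", host, port, "allow")] + list(rules)
    name, action = evaluate(rules, host, port)
    log.append(f"{action} tcp {host}:{port} data ({name})")
    return log

# Constructed policy in the spirit of the post: only tcp/21 is allowed outbound.
FTP_CONTROL_ONLY = [Rule("Allow FTP", None, 21, "allow"),
                    Rule("Block all other traffic", None, None, "block")]
PASV = "227 Entering Passive Mode (192,0,2,10,195,80)"  # constructed sample server reply
```

Running `passive_session(FTP_CONTROL_ONLY, "192.0.2.10", PASV)` reproduces the allow on port 21 followed by a block on port 50000; passing `ftp_inspection=True` allows only that negotiated data connection.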


  • 4.  RE: SEP firewall is blocking outbound ftp connections

    Posted Nov 12, 2009 11:59 AM
    That was it.  I configured IE not to use IE and I had no problem with downloading the file.  Thanks!!!!!