Joel, I would suspect that the issue you're running into is that your firewall is doing "stateful inspection". The problem is not that the firewall doesn't recognize AUTH TLS, but that it's having a problem during the TLS negotiation. It is something that we ran into when first starting with FTP-TLS transfers.
BTW, is your firewall CheckPoint FW-1? If you're running FW-1 NG, or higher, it is relatively easy for them to setup a separate "service" definition and turn off the stateful inspection. You have to do it for both the control port and the data ports. If you don't get your firewall folks to turn the stateful inspection off, the transfers won't work. You can see the failure by turning on DEBUG SEC. We do not use port 990. Due to it's use being deprecated by IETF and not in the proposed standard, I try to steer away from it. All connections we do are port 21. Now, if you're running your own FTP Server, you can choose to use a different port for the control connection, as one the companies we transmit to (via ftp client on our side) does. But for 99% of the cases we have, the servers are using port 21. Peter I. Vander Woude Sr. Mainframe Engineer ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
