Don,

It's not so much as blocking ftps and allowing normal ftp. The normal ftp's go through such that the firewall can do its stateful checking and not cause a problem. With FTPS, the datastream is encrypted by the time it hits the firewall, and does not conform to what the firewall thinks about "stateful", thus it drops the connection. For our firewall, that means that if the command string coming across does not end with an end of line character (I don't recall which one), it considers it a bad record, and terminates the session.
Peter

On Wed, 6 Jan 2010 08:04:36 -0800, Donald Russell <[email protected]> wrote:

>On Wed, Jan 6, 2010 at 06:15, Peter Vander Woude <[email protected]> wrote:
>
>> Don,
>>
>> If your firewall folks just recently upgraded the firewall, it could be that the
>> upgrade "defaulted", or reset some configuration settings. For FTPS, the
>> firewall cannot do what's referred to as "stateful checking". I know ours does
>> that, and if it does that on the control connection (and/or data connection),
>> you will see the error you've been getting.
>>
>That appears to be what happened.... I'll know for sure next week when the
>firewall people make the change to allow FTPS.
>
>For me, the red herring was that regular FTP works fine, which, to me, begs
>the question: What's the point of blocking FTPS without blocking FTP?
>
>Thanks for all the discussion and feedback...
>
>----------------------------------------------------------------------
>For IBM-MAIN subscribe / signoff / archive access instructions,
>send email to [email protected] with the message: GET IBM-MAIN INFO
>Search the archives at http://bama.ua.edu/archives/ibm-main.html
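The control-channel check described in this thread, as an added example that is not part of the original messages: a toy Python model of a firewall that expects every client command to be printable ASCII ending in CRLF (the end-of-line FTP uses per RFC 959). The rule, the function names and all sample traffic are constructed assumptions, not any vendor's logic.

```python
# Toy model of a firewall inspecting the FTP control channel (added example).
# Assumption: the rule is "each client segment is one printable-ASCII command
# ending in CRLF"; real products implement their own checks.
CRLF = b"\r\n"

def inspect_segment(segment: bytes) -> str:
    """Return 'pass' or 'drop' for one client-to-server control segment."""
    if not segment.endswith(CRLF):
        return "drop"  # the "bad record" case: no end-of-line terminator
    if any(b < 0x20 or b > 0x7E for b in segment[:-2]):
        return "drop"  # binary data where a text command was expected
    return "pass"

def run_session(segments):
    """Inspect segments in order and stop at the first drop (session terminated)."""
    verdicts = []
    for seg in segments:
        verdict = inspect_segment(seg)
        verdicts.append(verdict)
        if verdict == "drop":
            break
    return verdicts

def tls_record(content_type: int, payload: bytes) -> bytes:
    """Build a TLS record: type, version 0x0303, 2-byte length, opaque payload."""
    header = bytes([content_type, 0x03, 0x03]) + len(payload).to_bytes(2, "big")
    return header + payload

# Constructed sample traffic (client to server, control connection only).
PLAIN_FTP = [
    b"USER anonymous\r\n",
    b"PASS guest\r\n",
    b"PORT 192,0,2,10,19,137\r\n",
    b"LIST\r\n",
]
OPAQUE = bytes(range(200, 240))  # stand-in for handshake/ciphertext bytes
FTPS = [
    b"AUTH TLS\r\n",             # still clear text, so it passes inspection
    tls_record(0x16, OPAQUE),    # TLS handshake record
    tls_record(0x17, OPAQUE),    # encrypted FTP command, never reached
]

if __name__ == "__main__":
    print("FTP :", run_session(PLAIN_FTP))
    print("FTPS:", run_session(FTPS))
```

In this model the clear-text session passes every check, while the FTPS session is cut off at the first TLS record after `AUTH TLS`, which is why plain FTP working says nothing about whether FTPS will.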

