RE: [WS_FTP Forum] Connection timeout error when making SSL conne ction

[Terry LeBlanc]

Title: Connection timeout error when making SSL connection

Good feedback, Pete.  Not what I was wanting to hear...but good feedback.  Thanks.   Based on this info, we're better off sticking with FileZilla, which has worked beautifully in passive mode through 2 firewalls with NAT since we originally installed it.  No muss, no fuss.    I'll continue to monitor...    Terry From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Simpson Sent: Monday, February 06, 2006 2:20 PM To: WSFTP_Forum@list.ipswitch.com Subject: RE: [WS_FTP Forum] Connection timeout error when making SSL conne ction   We've been using WS_FTP Server and Pro for SSL based FTP transfers for about 4 years.  It's been mostly reliable. Support at times has been difficult.  We are a fan of the product, but it does seem to be quite persnickety at times.  The iterations of the server since Version 5 have been much more problematic than version 4.  Trying to run SSL based FTP through a firewall has proven to be nearly impossible to implement reliably.   Of late, we've had several occasions where things were working just fine and then "poof" SSL is broken.  The tried-and-true fix has been simply to remove WS_FTP Server and reinstall it from scratch with the EXACT same settings.  Alternatively, sometimes it's just one client reporting the issue -- so we have them remove and reinstall the client.  Yes, it's labor intensive and a pain in the arse.  But it has worked every time something has gone "poof" for no good reason and when even ipSwitch support can not find a cause or fix.  My hypothesis is that changes in Windows 2003 Server and Win XP somehow monkey up some portion of the registry upon which the ipSwitch products rely.   My recommendations:   1.) If it was working, nothing has obviously changed, and now it does not work is to remove the product, reboot, and reinstall it with the exact same settings.  So far we're 5 for 5 on that "fix".   2.) If you're trying to use SSL through your firewall w/ FTP-- don't.  Put two NIC's in the server, expose one externally and run SSL on that NIC.  Yes, you need to do a bunch of "cleanup" on that nic -- nothing should be bound to it (no file sharing services, no print services) but TCP/IP.  Then use an ACL on your router between that NIC and the "global internet" and filter everything destined to that NIC except the ports you need for SSL w/ FTP (ports 21 and 1024-5000). Good Luck. Pete From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Terry LeBlanc Sent: Monday, February 06, 2006 12:05 PM To: WSFTP_Forum@list.ipswitch.com Subject: RE: [WS_FTP Forum] Connection timeout error when making SSL conne ction We have, but it's been a few months.  We can call again, now that the crush to get the web server up and working is over.  We needed and found a solution to get us moving files securely after we hit a brick wall with WS_FTP Server...which surprised me.  I was the guy insisting on using it...   Terry   [ CONFIDENTIALITY NOTICE ]