For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Wasfi_182818's avatar
Wasfi_182818
Icon for Altostratus rankAltostratus
Nov 04, 2015

Can the SWG module be used as an FTP forward proxy

Hi;

 

I am trying to use the SWG as a secure "passive ftp" gateway in the same manner it is used for http and https traffic.

 

Moreover, the aim is to use NTLM authentication to identify ftp users then authorize them. For instance, upon successful authentication, John from group HR is allowed to access ftp.hr.com while Sam from group Sales is not allowed to access ftp.hr.com.

 

This is in a similar manner to the implementation described in the following link for http/https traffic.

 

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-secure-web-gateway-implementations-11-5-0/5.html

 

Is this possible for ftp as well as http/https?

 

Kindly Wasfi

 

4 Replies

  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Nov 04, 2015

    I do not believe so. FTP is a very different protocol that HTTP and the key part about SWG is the W for WEB. The only possibility would be to explicitly proxy FTP over HTTP which I don't think the BIGIP supports.

     

  • sfuerst_116779's avatar
    sfuerst_116779
    Historic F5 Account
    Nov 04, 2015

    The BigIP can have a SOCKS explicit proxy virtual, that will allow proxying of FTP. I don't think this will work with authetication though.

     

    • Wasfi_182818's avatar
      Wasfi_182818
      Icon for Altostratus rankAltostratus
      Nov 04, 2015
      I don't mean to state the obvious, but just to double check, do you need the SWG license for implementing SOCKS explicit proxy?