Forum Discussion
Nimbostratushow to configure outgoing virtual server for FTP and explicit FTPS connections
Hi All, I need to configure and outgoing virtual server that can handle FTP and FTPS connections. I found a lot of information on devcentral, but all add in 2009 and earlier. In different topics, I can read that I am not able to disable the FTP profile with an iRule. FTP and explicit FTPS connections are using both TCP port 21 for initiating the communication with the client. The default FTP profile checks the traffic, because the system is able to recognise the different FTP commands. With FTPs, the server answers with the command AUTH:TLS and start with encrypted traffic. Due to this, the FTP profile isn't recognising the different commands. I need to find a way that I am able to configure and outgoing virtual server that can handle FTP and FTPS traffic for port TCP 21. Regards Thierry
1 Reply
HamishCirrocumulus
For ftps if you're using NAT the server itself has to know what you're NAT'ing to so it can advise the client the correct address (Because your firewall can't do the fixup). Also if your VS has SNAT on it you're in the same boat.
You'll also have to get your firewall/bigip to preserve the posts used. Which on a firewall usually means a sttic 1:1 NAT (Hiding more than one server/client behind this address wont' work, because the ports have to be translated too).
H
