Forum Discussion
BlackBolt_22590
Nimbostratus
NimbostratusProblem FTPS passive
Hello Everyone,
For one of our customer, we have to deploy a FTPS server behind the F5. Here is my configuration of the VS :
And here is my problem, The FTP behind the F5 is working great, I can connect to it and transfer a file with success. But where I have a problem is when the server has TLS turned on. First I tried to manage the certificate with the F5 (TLS is off on FTP server) so I created a SSL client profiles but it's not working :
And when TLS is turned on onto the server but the certificate is not managed by the F5 here is the error message i have:
I connect with a real account.
1/Do you think it's a F5 conf problem of a FTP/Certificate problem : Someone already had this kind of problem and how did he manage to resolve it? 2/Do I need to create a irules to limit the range of port to connect?
Thanks in advance.
Might be worth a read of -
https://support.f5.com/kb/en-us/solutions/public/9000/300/sol9347.html?sr=41837690
IainThomson85_1Cumulonimbus
Might be worth a read of -
https://support.f5.com/kb/en-us/solutions/public/9000/300/sol9347.html?sr=41837690
BlackBolt_22590Hello Iain, Indeed, after following the steps it worked with a "normal" connection. Behind a 4G connection it doesn't. Any idea why?- IainThomson85_1A 4G connection will likely becoming from a very complex NAT'd Mobile Carrier network - You might want to investigate with the mobile provider why it doesn't work. Although i'm not saying you'd get very far. Glad to hear you got it working under a normal scenario
- BlackBolt_22590Well I think i'll advise my customer to stop using 4G connection^^ thanks anyway.
superegoAltostratus
Had same problem for implementing FTPS passthrough. Followed document: https://support.f5.com/csp/article/K9347
I configured a separate SNAT pool for FTPS with 1 SNAT address only
and the other thing is have to configure the VIP in the External IP Address of Firewall.