F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

FTPS_SSL_ Termination

Problem this snippet solves: This iRule is meant to act as a full FTPS termination rule that behaves similarly to HTTPS termination. It forces either an implicit (port 990 by default) or explicit (p...
Published Mar 17, 2015
Version 1.0
application delivery
devops
iRules
security
steffen's avatar
steffen
Icon for Nimbostratus rankNimbostratus
Oct 13, 2022

Hey @bob_ziuchkovsk1
thanks for your FTPS iRule

There are still a few small things that need to be adjusted to make it work.

1. The same variable again "static::pasv_max_port" is incorrect it is already in use.
2. To use this iRule on multiple virtual servers it needs a little more dynamic.

 

 # -- REMOVE OLD --

 # Vserver IP to advertise for incoming PASV data channel connections
 # NOTE: the commas are NOT a typo.  This is the format used by FTP protocol
 set static::pasv_max_port "10,0,0,46"


 # -- ADD (under "when CLIENTSSL_DATA" ) --

 # uses the known virtual server ip address (client context)
 set static::vserverip [IP::local_addr]
 set static::vserverip_comma [string map {. ,} $static::vserverip]



 # -- CHANGE ( under "when SERVER_DATA" ) --

 # respoding the virtual server ip address
 set pasv_response "227 Entering Passive Mode ($static::vserverip_comma,$our_pasv_str)\r\n"

 

Tested this on Version: 16.1