Forum Discussion

Joern_Oltmann's avatar
Joern_Oltmann
Icon for Nimbostratus rankNimbostratus
Jul 07, 2022

Create VIP for FTP with TLS

Hi Forum,

I would like to create a VIP for a FTP Server with TLS.

Behind our BIG IP LTM (Version 15.1.51) I have installed a Server with vsftp.
When I connect directly to this Server I have no problem to connect with TLS.

If I use the Public address (mean I come from outside via F5) I can connect but then I get an error about the "Data Port"
If I allow all Ports on the VIP and Pool, everything is fine, but this is not an option for me 😞
Does anybody has a hint for me. I found nothing here in this forum about FTP with TLS.

Here are my configs

 

 

 

 

 

 

 

ltm virtual /IN_FTP {
    description "FTP Server"
    destination 555.666.777.888:21
    ip-protocol tcp
    last-modified-time 2022-07-06:19:11:46
    mask 255.255.255.255
    pool /FTP
    profiles {
        /Common/ftp { }
        /Common/tcp { }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vlans {
        /Common/epfrontyard
        /Common/epproduction
        /Common/grenznetz_web_1
        /Common/grenznetz_web_2
    }
    vlans-enabled
}
ltm pool FTP {
    description "FTP server "
    members {
        /ftp1:21 {
            address 111.222.333.444
        }
    }
    monitor /Common/gateway_icmp