compsosinc
Tue Dec 11 15:08:29 PST 2007
On Dec 11, 4:41 pm, "Michael Jenkin [SBS-MVP]"
<michael.jen...@mvps.org> wrote:
> It sounds to me like ISA is working correctly.
>
> Something in IE must be set wrong. Are all machines on the network
> having the same results ? I.E command prompt works but IE does not ?
>
> Consider downloading a trial of an FTP program like SmartFTP and see if
> it is just IE.
>
>
>
>
>
> compsos...@gmail.com wrote:
> > On Dec 7, 8:27 pm, "Michael Jenkin [SBS-MVP]"
> > <michael.jen...@mvps.org> wrote:
> > > From a command prompt,
>
> > > type in "ftp ftp.microsoft.com" and enter
>
> > > It will either fail or request credentials.
>
> > > You will be asked for a user name, use anonymous
> > > You will be asked for a password, put in your email address
>
> > > See if you can get that far.
>
> > > Thanks
>
> > > compsos...@gmail.com wrote:
> > > > On Dec 6, 6:13 pm, "Michael Jenkin [SBS-MVP]"
> > > > <michael.jen...@mvps.org> wrote:
> > > > > Have you tried using Passive FTP in your client ?
>
> > > > > Have you tried using the Microsoft command line FTP to see if it will
> > > > > connect ?
>
> > > > > Michael Jenkin [SBS-MVP] wrote:
> > > > > > If you have the ftp protocol definitions then when you check the rule
> > > > > > for your users, make sure the ftp protocol is selected or that you are
> > > > > > allowing every protocol outbound.
>
> > > > > > compsos...@gmail.com wrote:
>
> > > > > > > On Dec 3, 5:13 pm, compsos...@gmail.com wrote:
> > > > > > > > On Dec 3, 3:29 am, "Michael Jenkin [SBS-MVP]"
>
> > > > > > > > <michael.jen...@mvps.org> wrote:
> > > > > > > > > Hello,
>
> > > > > > > > > As long as the users/groups (members of the group SBS internet users) or
> > > > > > > > > IP ranges for the machines (Client address sets) are allowed on a
> > > > > > > > > protocol rule (port 21 outbound) for FTP (There is a prtocol simply
> > > > > > > > > called ftp already in ISA 2000) and you elect use Passive FTP, it should
> > > > > > > > > work fine.
>
> > > > > > > > > Thanks
>
> > > > > > > > > compsos...@gmail.com wrote:
> > > > > > > > > > Using SBS2000. Currently, all client PCs have the Firewall Client
> > > > > > > > > > software installed and the "use proxy" is checked in Internet options.
> > > > > > > > > > No clients can access any FTP sites but the server can. In order to
> > > > > > > > > > get the server to access an FTP site we added a Packet Filter to Allow
> > > > > > > > > > TCP on 20 Inbound and 21 Outbound. As we understand, we need a
> > > > > > > > > > Protocol Rule to allow the clients access, so we added one to Allow -
> > > > > > > > > > FTP-Any request. This did not work. What is a solution to this
> > > > > > > > > > problem?
>
> > > > > > > > > > Secondly, we have another SBS2000 set in another office without this
> > > > > > > > > > problem. In its ISA server config, there is not an FTP Protocol Rule.
> > > > > > > > > > However, in addtion to the "Allow FTP" packet filter, there are a
> > > > > > > > > > total of (4) Custom Filters "BackOffice FTP 20 In/Out" and BackOffice
> > > > > > > > > > FTP 21 In/Out" listed. What would be the difference?
>
> > > > > > > > > > Thanks
>
> > > > > > > > > --
> > > > > > > > > Michael J. Jenkin MVP - SBS, MCP, Small Business Specialist, Senior
> > > > > > > > > Systems Engineer
> > > > > > > > > Visit
http://www.mickyj.com-Hidequotedtext-
>
> > > > > > > > > - Show quoted text -
>
> > > > > > > > Thanks - I do not have that FTP Protocol Rule in ISA 2000. I have a
> > > > > > > > test SBS2000 Server also, and it is not in that one either -- I must
> > > > > > > > have to add it manually??? Both setups do have the FTP IP Packet
> > > > > > > > Filters (Port 20 & Port21); however, I believe packet filters only
> > > > > > > > apply to server and not the clients.
>
> > > > > > > > I will create a Protocol Rule for outbound FTP for the clients. thanks- Hide quoted text -
>
> > > > > > > > - Show quoted text -
>
> > > > > > > Just to clarify, I do have Protocol Definitions for FTP, FTP Server,
> > > > > > > FTP Download and FTP Download Only listed, but no Protocol Rules.
>
> > > > > --
> > > > > Michael J. Jenkin MVP - SBS, MCP, Small Business Specialist, Senior
> > > > > Systems Engineer
> > > > > Visit
http://www.mickyj.com-Hidequoted text -
>
> > > > > - Show quoted text -
>
> > > > I have tried unchecking and rechecking the Passive FTP in IE on the
> > > > clients.
>
> > > > How do you try the Microsoft FTP command line? If you mean go to
> > > >ftp://ftp.microsft.comthathas always worked. It's the authenticated
> > > > FTP sites that we cannot get to unless we pass the credentials within
> > > > the ftp URL.
>
> > > --
> > > Michael J. Jenkin MVP - SBS, MCP, Small Business Specialist, Senior
> > > Systems Engineer
> > > Visit
http://www.mickyj.com-Hide quoted text -
>
> > > - Show quoted text -
>
> > Yes, that worked. I received the "230 User anoymous logged in".
>
> > I have Firewall Client enabled and Proxy server set to point to the
> > ISA Server at port 8080 in the IE settings.
>
> --
> Michael J. Jenkin MVP - SBS, MCP, Small Business Specialist, Senior
> Systems Engineer
> Visit
http://www.mickyj.com- Hide quoted text -
>
> - Show quoted text -
Thanks for replying and hanging in there...Yes, all systems behave the
same way - all 15. All are using IE7 except the Server has IE6 and the
Server can connect to authenticated FTP sites -get the Username/
password box. I have (2) identical networks like this above and the
second network does the same thing. Note that if in IE7, if we add the
username/password credentials to the FTP URL, it goes to the FTP site.
Also, if we use Windows Explorer in the clients to access the FTP
site, we get the username/password prompt like would would expect in
IE7.
Will look at SmartFTP.Thanks again.