A customer with high security standards just had MSP 3.3 installed in a DMZ. Everything went well except for one minor glitch. The solution entails use of FTPS, and they preferred to use port 990, but MSP supports port 21. So they reluctantly opened port 21 to allow MSP to set up the Relay Server. The challenge lies with return traffic, as it uses random ports. Is there any way to configure MSP/FTPS server to send/receive traffic on port 21?
Inbound/Outbound FTPs Traffic
4 Replies
Why don't they try the stateful firewall and (if needed by their designs) passive FTP? This would solve the return traffic problem.
A Stateful Firewall won't help since it cannot be used with FTPS since it cannot inspect encrypted packets and use the gleaned knowledge to open and close ports automatically. Passive mode is the default and actually makes the problem worse for most customers, since it requires opening up a range of incoming ports. Some customers have found that switching to Active mode helps for situations where the FTPS Server is in a DMZ, since it changes the data connections to go from Server to devices. But if the devices are on WWAN, then Active mode will only work if the devices can accept incoming connections, which may require a custom APN.
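Added illustration, not part of any reply in this thread: what a stateful firewall's FTP helper reads from a cleartext control channel to open the data port, and why the same logic finds nothing once the channel is TLS-wrapped as in FTPS. The function names, sample replies, TLS bytes and the 50000-50100 passive range are constructed assumptions; the thread does not say whether the FTPS server used with MSP allows pinning a passive range.

```python
import re

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" (RFC 959) and
# "229 Entering Extended Passive Mode (|||port|)" (RFC 2428).
PASV_RE = re.compile(rb"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(rb"^229 [^(]*\(\|\|\|(\d{1,5})\|\)")


def announced_data_port(payload: bytes):
    """Return the data port a server reply announces, or None if unreadable."""
    m = PASV_RE.match(payload)
    if m:
        p1, p2 = int(m.group(5)), int(m.group(6))
        return p1 * 256 + p2 if p1 < 256 and p2 < 256 else None
    m = EPSV_RE.match(payload)
    if m:
        port = int(m.group(1))
        return port if 0 < port < 65536 else None
    return None


def is_tls_record(payload: bytes) -> bool:
    """TLS record header: content type 20-23, then major version 3."""
    return len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1] == 3


def firewall_action(payload: bytes, passive_range=None) -> str:
    """What a stateful FTP helper can do with one control-channel segment."""
    port = announced_data_port(payload)
    if port is not None:
        return f"dynamic pinhole tcp/{port}"
    if is_tls_record(payload):
        if passive_range:
            lo, hi = passive_range
            return f"static rule tcp/{lo}-{hi}"
        return "blind: data port hidden inside TLS"
    return "no action"


# Constructed samples (not captured traffic).
CLEAR_PASV = b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
CLEAR_EPSV = b"229 Entering Extended Passive Mode (|||50001|)\r\n"
TLS_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x30]) + b"\x8f" * 48
PASSIVE_RANGE = (50000, 50100)  # assumed range pinned in the FTPS server config

if __name__ == "__main__":
    for name, seg in [("PASV", CLEAR_PASV), ("EPSV", CLEAR_EPSV), ("FTPS", TLS_RECORD)]:
        print(name, "->", firewall_action(seg, PASSIVE_RANGE))
```

With plain FTP the helper opens exactly one port per transfer; with FTPS the only option left to the firewall is a static rule covering whatever range the server is limited to.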
In lieu of MSP 3.3 and support for SSL Mobile VPN via an Add-On kit, the BU has been working on revising pricing for the SSL Mobile VPN client. We are looking at emulating the MSP licensing model with various tiers of the VPN client. This will enable customers to buy what they need and upgrade as their needs change.
While we are working on finalizing and releasing new pricing information, please contact the Product Manager or the BU for a price exception.
Hi Peter,
I recently had a similar issue with one of my customers. I've since opened a GRIP for MSP to support SFTP (SSH File Transfer Protocol). This customer said they are moving to SFTP as a company standard for all of their file transfers, even their banking transactions. The GRIP I opened is 5152-5196, just in case you want to open one and reference it. We have introduced MSP 3.3 and the SSL Mobile VPN (AirBEAM Safe) add-on as an alternative; however, the additional cost may be prohibitive.