Re: FTP Download Access
From: Andrew Mitchell (amitchell_at_removecasey.vic.gov.au)
Date: 10/14/04
- Next message: seweichu: "Re: DHCP Client service unable to start - access denied"
- Previous message: Shawn Corey [MSFT]: "Re: Certificates services - UTF8String"
- In reply to: mjohead2: "FTP Download Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Oct 2004 18:57:52 -0700
"=?Utf-8?B?bWpvaGVhZDI=?=" <mjohead2@discussions.microsoft.com> said
> Hello everyone, here is my quesition: Users on my network need to
> download files that are only available via FTP. I do not have any FTP
> servers on my network. I placed a rule on my firewall that only allows
> FTP 'GET' traffic to pass through. Is the network still secure?
Depending on how 'application aware' your firewall is, this may not work.
FTP uses many other commands to retrieve a file. Open, Close, LS, Mode etc.
If your firewall is blocking these commands the file download will more then
likely fail.
Just create a rule that allows your local network to access any host where
the destination is on port 21. If your firewall will not allow active FTP you
must set your clients to use passive FTP.
Allthough this will also allow uploads from clients to servers, it will not
allow unsolicited ftp download requests from the internet to come through and
is no less secure than what you have allowed by opening up HTTP traffic.
-- Andy.
- Next message: seweichu: "Re: DHCP Client service unable to start - access denied"
- Previous message: Shawn Corey [MSFT]: "Re: Certificates services - UTF8String"
- In reply to: mjohead2: "FTP Download Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
