Cisco ACE 4710

Hi,

Can we offload SSL for FTP onto ACE, like we do for HTTPS? I need to configure ACE where I want the clients to connect to ACE via FTPS (989, 990), and ACE in turn connects to the FTP server via normal FTP (20, 21).

8 Replies

Gilles Dufour
Cisco Employee

This is currently not possible because the connection starts in clear and is then negotiated to be encrypted.

We can't switch from one mode to the other.

Gilles.

Any workaround?

I really need to load balance FTPS with ACE. Is it possible if the servers have FTPS configured and we load balance the servers on ports 989 and 990? Just making sure that FTPS is not natively supported and I won't find any "inspect ftps" either, like the "inspect ftp" used when configuring FTP LB, right?

You can use inspect ftp on any port.

But if the client or server negotiate SSL, the connection will fail.

If you want to LB FTP and keep the SSL feature, your only solution is to not use inspection.

But then we can NAT the info inside the FTP control channel, which some clients/servers do not like.

Gilles.

OK... but I am not clear on the last part, "NAT the info inside the FTP control channel". Could you please explain how to go about this?

And if I go for this scenario, then do I have to import any SSL certificates onto the ACE?

Sorry, I meant "we can't"!!

G.

So can I conclude that I can go forward and configure FTPS the same way I configure LB for different servers/ports, but it may not work for some clients?

And do I need to import SSL certificates into ACE for that?

Yes, you can configure it like any other L4 rule, except you need to take into account that client and server can open data connections.

These connections from the clients need to be sent to the appropriate server and be NATed if sent to the VIP.

So you need src IP sticky, and you need to catch all possible ports or force your servers to use port 20.

Same for the connections opened by the servers. You need to configure NATing so that they appear as coming from the VIP.

This work is normally done for you by inspect ftp. But you can't use it here.

Gilles.
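As an added illustration of Gilles's last point (this is not code from the thread or from Cisco), here is a toy Python model of what an FTP application-layer gateway such as `inspect ftp` does to the control channel, and why it has nothing to work on once the session is TLS. The VIP, real-server and client addresses, the FTP transcripts and the `TLS_RECORD` stand-in byte string are all constructed for the example. With plain FTP the gateway reads the PASV reply, rewrites the server's address to the VIP and records the data-channel pinholes the load balancer must open and NAT; with explicit FTPS (AUTH TLS on port 21) it sees the clear-text start and then only ciphertext, and with implicit FTPS (port 990) it sees ciphertext from the first byte, so no address is ever rewritten and no pinhole learned. That is what forces the L4-only design with src-IP stickiness and catch-all ports described above.

```python
import re

# Constructed addresses (documentation ranges), not taken from the thread.
VIP, REAL_SERVER, CLIENT = "203.0.113.10", "10.1.1.21", "198.51.100.7"

# FTP carries addresses as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2.
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def decode_hostport(groups):
    return ".".join(groups[:4]), int(groups[4]) * 256 + int(groups[5])


def encode_hostport(host, port):
    return ",".join(host.split(".") + [str(port // 256), str(port % 256)])


class FtpAlg:
    """Toy FTP application-layer gateway: reads the control channel,
    rewrites the server address in PASV replies to the VIP and records the
    data connections the load balancer must expect and NAT."""

    def __init__(self, vip, real_server):
        self.vip = vip
        self.real_server = real_server
        self.pinholes = []      # (direction, host, port) data channels to open/NAT
        self.encrypted = False  # set once the server accepts AUTH TLS
        self.opaque = 0         # control-channel messages that could not be read

    def _unreadable(self, msg):
        # After AUTH TLS, or for implicit FTPS from the first byte, the
        # channel is ciphertext: forward as-is, nothing can be rewritten.
        return self.encrypted or not msg.isprintable()

    def from_server(self, msg):
        if self._unreadable(msg):
            self.opaque += 1
            return msg
        if msg.startswith("234 "):          # server accepted AUTH TLS (RFC 4217)
            self.encrypted = True
            return msg
        m = PASV_RE.match(msg)
        if m:
            host, port = decode_hostport(m.groups())
            if host == self.real_server:
                # Client will connect to this port: expose it on the VIP and
                # forward the data connection to the real server behind it.
                self.pinholes.append(("client->server", self.vip, port))
                return f"227 Entering Passive Mode ({encode_hostport(self.vip, port)})"
        return msg

    def from_client(self, msg):
        if self._unreadable(msg):
            self.opaque += 1
            return msg
        m = PORT_RE.match(msg)
        if m:
            host, port = decode_hostport(m.groups())
            # Server will connect out to the client: that flow must be
            # source-NATed so it appears to come from the VIP.
            self.pinholes.append(("server->client", host, port))
        return msg

    def run(self, transcript):
        """Feed ('C'|'S', message) pairs in order; return what is forwarded."""
        return [(d, self.from_client(m) if d == "C" else self.from_server(m))
                for d, m in transcript]


# Stand-in for a TLS record (constructed header bytes, not a real handshake).
TLS_RECORD = "\x16\x03\x03\x00\x2a\x01"

# Constructed plain-FTP session: the case inspect ftp handles.
PLAIN_FTP = [
    ("S", "220 ftp ready"),
    ("C", "USER alice"), ("S", "331 Password required"),
    ("C", "PASV"),
    ("S", f"227 Entering Passive Mode ({encode_hostport(REAL_SERVER, 50001)})"),
    ("C", f"PORT {encode_hostport(CLIENT, 50001)}"),
    ("S", "200 PORT command successful"),
]

# Constructed explicit FTPS (port 21 + AUTH TLS): starts clear, then ciphertext.
EXPLICIT_FTPS = [
    ("S", "220 ftp ready"),
    ("C", "AUTH TLS"), ("S", "234 Proceed with negotiation"),
    ("C", TLS_RECORD), ("S", TLS_RECORD),   # TLS handshake
    ("C", TLS_RECORD), ("S", TLS_RECORD),   # encrypted PASV and its 227 reply
]

# Constructed implicit FTPS (port 990): TLS from the first byte.
IMPLICIT_FTPS = [("C", TLS_RECORD), ("S", TLS_RECORD), ("C", TLS_RECORD)]


def inspect(transcript):
    """Run the gateway over one session and report what it could do."""
    alg = FtpAlg(VIP, REAL_SERVER)
    forwarded = alg.run(transcript)
    return {"forwarded": forwarded, "pinholes": alg.pinholes,
            "opaque": alg.opaque, "encrypted": alg.encrypted}


if __name__ == "__main__":
    for name, t in (("plain FTP", PLAIN_FTP), ("explicit FTPS", EXPLICIT_FTPS),
                    ("implicit FTPS", IMPLICIT_FTPS)):
        r = inspect(t)
        print(f"{name}: pinholes={r['pinholes']} unreadable={r['opaque']}")
```

Running the block prints two pinholes for the plain session and none for either FTPS variant; every message after the 234 reply (or every message at all, for port 990) is counted as unreadable. That is the gap a src-IP sticky rule plus catch-all data ports (or servers pinned to port 20) has to cover when inspection is off.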

So that means I don't have to import any certificates as such into ACE. Is that right?
