grischast
Beginner

Ironport S170 (7.5.0): native FTP proxy without WSA-authentication

Hi

I am currently testing the ftp proxy feature on our newly deployed WSA.

The WSA is in explicit forward mode only and we do not want to use any user authentication on the WSA at all.

No matter what I choose for "Authentication Format" in the FTP proxy configuration (Raptor or Check Point), I am completely unable to establish an FTP connection via the WSA.

E.g. when I try a simple file transfer from a Cisco device:

copy ftp://anonymous@FTP-SERVER-ADDRESS:foo@bar.foo@WSA-ADDRESS/test.txt flash:

I always find in the WSA log

User anonymous@FTP-SERVER-ADDRESS login FAILED

It looks like the WSA always wants to authenticate the connection to the WSA itself first.

So please, how does one use this FTP proxy feature correctly without any authentication by the WSA?

Regards,

Grischa

4 REPLIES 4
kussriva
Beginner

Hi,

You need to make sure you have the correct config on the FTP server as well as on the WSA.

Please go through the following info:

If you are using FileZilla, the exact FileZilla configuration will differ depending on the authentication configured for FTP proxy on the WSA. The FTP Proxy config on the WSA can be found at 'Security Services' -> 'FTP Proxy Settings' -> 'Authentication Format'.

From within FileZilla, go to 'Edit' -> 'Settings' -> 'FTP' -> 'FTP Proxy'. Click on 'Custom' to enable native FTP proxy.

Use the following settings for different types of authentication:

Native FTP FileZilla configuration for "Check Point" authentication

USER %u@%s@%h
PASS %p@%w <>

Native FTP FileZilla configuration for "Raptor" authentication

USER %u@%h %s
PASS %p
ACCT %w

Native FTP FileZilla configuration without authentication and using Raptor authentication

USER %u@%h <> %u
PASS %p
ACCT %p

Native FTP FileZilla configuration without authentication

USER %u@%h <>
PASS %p

So please make sure you have the correct config on the WSA as well as the FTP server.

For more information, you can go to

http://www.cisco.com/en/US/docs/security/wsa/wsa7.5/user_guide/WSA_7.5.0_UserGuide.pdf and check the section "Working with FTP Connections".

For further assistance on pre-production issues, you can open a case at http://www.cisco.com/web/partners/tools/pdihd.html

Regards,

Kush

Cisco PDI Help Desk

http://www.cisco.com/go/pdihelpdesk
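
Added example, not part of the reply above and not Cisco or FileZilla code: it expands three of the posted format strings into the login commands a client would send to the proxy, so the WSA log line can be compared with what the client actually transmits. Assumptions: token meanings follow FileZilla's custom FTP proxy dialog (%u FTP user, %p FTP password, %h FTP host, %s proxy user, %w proxy password), the stray "<>" marks in the post are left out, and the host and account values are constructed.

```python
import re

# Format strings as posted in the reply above; the stray "<>" marks in the
# post are left out (assumption: extraction residue, not part of the format).
TEMPLATES = {
    "check_point": ["USER %u@%s@%h", "PASS %p@%w"],
    "raptor": ["USER %u@%h %s", "PASS %p", "ACCT %w"],
    "no_auth": ["USER %u@%h", "PASS %p"],
}

# FileZilla custom FTP proxy tokens mapped to session fields.
TOKEN_FIELDS = {
    "%u": "ftp_user",
    "%p": "ftp_password",
    "%h": "ftp_host",
    "%s": "proxy_user",
    "%w": "proxy_password",
}


def expand(template, session):
    """Return the FTP login commands the client sends to the proxy."""
    def substitute(match):
        token = match.group(0)
        if token not in TOKEN_FIELDS:
            raise ValueError(f"unknown token {token}")
        return session[TOKEN_FIELDS[token]]
    # One pass over each line, so a '%' inside a password is never re-expanded.
    return [re.sub(r"%[a-z]", substitute, line) for line in template]


def needs_proxy_credentials(template):
    """True if the format carries a proxy user or proxy password."""
    return any(tok in line for line in template for tok in ("%s", "%w"))


# Constructed sample values (hypothetical host and accounts).
SESSION = {
    "ftp_user": "anonymous",
    "ftp_password": "foo@bar.foo",
    "ftp_host": "ftp.example.test",
    "proxy_user": "wsa-user",
    "proxy_password": "wsa-pass",
}

if __name__ == "__main__":
    for name, template in TEMPLATES.items():
        print(name, "proxy credentials:", needs_proxy_credentials(template))
        for command in expand(template, SESSION):
            print("   ", command)
```

Only the format without proxy tokens produces a `USER anonymous@ftp.example.test` line with nothing for the proxy to authenticate; the other two put the proxy account into the USER, PASS or ACCT command in cleartext.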