Wolfgang
Mentor

inspect FTPS ?

Are there any solutions to inspect incoming FTPS, like SSH/SFTP inspection (SSH Deep Packet Inspection)?

0 Kudos
2 Replies
G_W_Albrecht
Legend

I can only find this, and that DLP will make it drop:

sk101486: Non-HTTPS traffic (FTP/S, SMTP/S and more) are matched to HTTPS Inspection Policy and perf...

CCSE CCTE SMB Specialist
0 Kudos
Timothy_Hall
Champion

Not that I know of. You are pretty much stuck punching open ports TCP 1024-65535 between the FTPS client and server, as the firewall cannot see which dynamic port is allocated for the data connection inside the encrypted control connection. This is a very old discussion at CPUG but sums up the issue pretty well:

https://www.cpug.org/forums/showthread.php/108-FTP-over-SSL-fails-with-VPN-1-FireWall-1

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
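
The limitation described in the reply above, as an added example that is not part of the original thread: a simplified sketch of how an FTP-aware inspection device reads the data-connection port off the control channel, and why it reads nothing once that channel is wrapped in TLS. The function names, sample payloads and ports are constructed for illustration and are not Check Point code.

```python
import re

# RFC 959 PORT command / 227 PASV reply carry h1,h2,h3,h4,p1,p2; port = p1*256 + p2
HOSTPORT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPRT command / 229 EPSV reply carry the port as |...|port|
EXT_PORT = re.compile(rb"\|(\d{1,5})\|\)?\s*$")

def looks_like_tls(payload: bytes) -> bool:
    """TLS record header: content type 20-23 followed by major version 0x03."""
    return len(payload) >= 3 and 20 <= payload[0] <= 23 and payload[1] == 0x03

def data_port(payload: bytes):
    """Return the data-connection port announced in one control-channel
    payload, or None if nothing readable announces one."""
    if looks_like_tls(payload):
        return None  # ciphertext: the PASV/EPSV/PORT text is not visible
    line = payload.split(b"\r\n", 1)[0]
    verb = line[:4].upper()
    port = None
    if verb in (b"227 ", b"PORT"):
        m = HOSTPORT.search(line[4:])
        if m and int(m.group(5)) < 256 and int(m.group(6)) < 256:
            port = int(m.group(5)) * 256 + int(m.group(6))
    elif verb in (b"229 ", b"EPRT"):
        m = EXT_PORT.search(line)
        if m:
            port = int(m.group(1))
    return port if port is not None and 0 < port < 65536 else None

def pinholes(session):
    """Ports an inspecting device could open for this control session."""
    return [p for p in map(data_port, session) if p is not None]

# Constructed sample sessions (documentation addresses, made-up ports).
PLAIN_FTP = [
    b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n",
    b"229 Entering Extended Passive Mode (|||50001|)\r\n",
    b"PORT 198,51,100,7,200,21\r\n",
]
EXPLICIT_FTPS = [
    b"AUTH TLS\r\n",
    b"234 Proceed with negotiation.\r\n",
    b"\x16\x03\x03\x00\x04" + bytes(4),   # handshake record (body zeroed)
    b"\x17\x03\x03\x00\x30" + bytes(48),  # application data hiding the PASV reply
]
```

For the plain FTP session `pinholes()` yields one port per negotiation; for the FTPS session it yields an empty list, which is why the rule ends up covering the whole dynamic range.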