Wolfgang
Authority

Inspect FTPS?

Are there any solutions to inspect incoming FTPS, like the SSH/SFTP inspection (SSH Deep Packet Inspection)?

0 Kudos
2 Replies
G_W_Albrecht
Legend

I can only find this and that DLP will make it drop:

sk101486: Non-HTTPS traffic (FTP/S, SMTP/S and more) are matched to HTTPS Inspection Policy and perf...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Timothy_Hall
Legend

Not that I know of.  You are pretty much stuck punching open ports TCP 1024-65535 between the FTPS client and server, as the firewall cannot see which dynamic port is allocated for the data connection inside the encrypted control connection.  This is a very old discussion at CPUG but sums up the issue pretty well:

https://www.cpug.org/forums/showthread.php/108-FTP-over-SSL-fails-with-VPN-1-FireWall-1

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
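
The port problem described in the reply above, as an added example that is not part of the original thread and is not Check Point code: a simplified control-channel helper learns the passive data port from a cleartext 227/229 reply, but gets nothing once the same reply travels inside a TLS record, so the rule falls back to the wide TCP 1024-65535 range. All function names and sample bytes are constructed for illustration.

```python
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2); RFC 2428 extended: 229 ... (|||port|)
PASV_RE = re.compile(rb"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(rb"^229 .*?\(\|\|\|(\d{1,5})\|\)")

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}

def looks_like_tls_record(data):
    """True if the bytes start with a TLS record header (type, 0x03, minor version)."""
    return len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4

def data_port_from_control(segment):
    """Return the passive data port visible on the control channel, or None."""
    if looks_like_tls_record(segment):
        return None  # after AUTH TLS the reply text is ciphertext to the firewall
    for line in segment.split(b"\r\n"):
        m = PASV_RE.match(line)
        if m:
            octets = [int(x) for x in m.groups()]
            if all(o <= 255 for o in octets):
                return octets[4] * 256 + octets[5]  # port = p1*256 + p2
        m = EPSV_RE.match(line)
        if m and 0 < int(m.group(1)) <= 65535:
            return int(m.group(1))
    return None

def pinhole_decision(segment, fallback=(1024, 65535)):
    """Port range that has to be allowed for the data connection."""
    port = data_port_from_control(segment)
    return (port, port) if port is not None else fallback

# Constructed sample control-channel payloads (documentation address 192.0.2.10).
PLAIN_PASV = b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
PLAIN_EPSV = b"229 Entering Extended Passive Mode (|||50001|)\r\n"
# Constructed TLS application_data header plus filler standing in for ciphertext.
TLS_WRAPPED = bytes([23, 3, 3, 0, 48]) + bytes(48)

if __name__ == "__main__":
    for name, seg in [("PASV", PLAIN_PASV), ("EPSV", PLAIN_EPSV), ("FTPS", TLS_WRAPPED)]:
        print(name, "-> allow TCP", pinhole_decision(seg))
```
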
