Results 1 to 3 of 3
  1. #1
    Newbie
    Join Date
    Dec 2009
    Posts
    5

    Default Untangle blocking FTPS TLS negotiation

    Just FYI in case it helps anyone else.

    We experienced an issue with FTPS connections failing at the security negotiation step. The output from CoreFTP was:

    234 AUTH command ok. Expecting TLS Negotiation.
    SSL/TLS error - 0, SSL error - 1, error:00000001:lib(0):func(0):reason(1)W

    We isolated the issue to traffic passing across the Untangle traffic filtering device. Despite disabling all "rack" filtering devices the issue remained. We found that disabling FTP processing in the system configuration resolved the issue. The setting in Untangle is found at:

    Config > System > Protocol Settings > FTP
    masterli likes this.

  2. #2
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,362

    Default

    you want to create a bypass rule for the traffic if untangle is breaking it. Generally speaking, the virus filter is usually to blame and enabling ftp resume usually fixes the problem.

    Create a bypass rule in config>networking>advanced>bypass and use the same format as a port forward rule. (destination port(s), protocol, and source interface)
    www.nexgenappliances.com
    Toll Free: 866-794-8879
    UNTANGLE STAR PARTNER
    Follow us at spiceworks!

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    The uvm itself won't allow ssl enabled FTP commands through. That is there so the AV module can scan files during transmission. If you trust an FTP server, just bypass all traffic to it. Don't turn off FTP processing in general, because that also means you aren't scanning downloads.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2