Results 1 to 4 of 4
  1. #1
    Untanglit egowen's Avatar
    Join Date
    Aug 2007
    Location
    Fort Valley, GA USA
    Posts
    17

    Default Virus Blocker blocks FTP over SSL (Explicit Encryption)

    We have a WS-FTP Server running inside our LAN. We have a number of FTP sites that are set up using a self-generated certificate. If the Untangle Virus Blocker is turned on, Filezilla, Secure FTP and WS-FTP clients are unable to connect. This is true even if ALL Virus Blocker options are unchecked. As soon as the Virus Blocker App is turned off, the clients can connect normally. The Virus Blocker log does not show any entries with IP addresses from either the client or the server.

    Attempting to bypass the Virus Blocker by rules in the Firewall App passing all the normal FTP ports (20, 21, 115, 989, 990) to/from the IP Address of the FTP server is ineffective as long as the Virus Blocker is ON.
    Regards,

    Ed
    --------------------------------------
    Edward Gowen
    Macon State College
    Educational Technology Center

  2. #2
    Untangle Junkie amac's Avatar
    Join Date
    Aug 2007
    Posts
    805

    Default

    Edward, sounds like good stuff
    If you wanted to just bypass ftp traffic all together, you can use the protocol override feature, so, for example, you can have all ftp traffic go by without being scanned. It's located here:
    config-support-manual protocol override
    Not sure why virus blocker would be doing that. Have you checked under all of the sub tabs as well? Like file extensions, and MIME type list?
    Oh, here is another idea if you have the professional package. You could create a custom policy using the "no rack" feature and allow the user IP Addresses through port 21(or whatever ports you are using). That would stop it from being scanned and only allow certain users you select to get through, but you would have to have the correct addresses.
    Hope all this helps, keep us updated.
    Best of luck

  3. #3
    Untanglit egowen's Avatar
    Join Date
    Aug 2007
    Location
    Fort Valley, GA USA
    Posts
    17

    Default

    Thanks to amac, I can turn Virus Blocker back on. The Config / Support / Manual Protocol Override / FTP Settings / Disable Procession of File Transfer traffic permits FTP over SSL even with Virus Blocker turned on. Hopefully the Bugzilla report will be acted on so we return to scanning the FTP traffic that is now not being processed.
    Regards,

    Ed
    --------------------------------------
    Edward Gowen
    Macon State College
    Educational Technology Center

  4. #4
    Untangler vanpatrick's Avatar
    Join Date
    Nov 2006
    Posts
    69

    Thumbs up

    Another note: you can actually create 'Default Rack' and 'No Rack' policies in the Open Source version. You just can't create 'Custom Racks' without the Pro Package....

    More info here: http://wiki.untangle.com/index.php/Policy_Management

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2