FTPS on Windows 2008, 2012: SSL/TLS explicit mode over port 21

An issue has come up where the TLS FTP server works fine internally but not from the outside.

Using FileZilla in debug mode 4, the output is as follows:

Response:220 Microsoft FTP Service

Trace:CFtpControlSocket::SendNextCommand()

Command: AUTH TLS

Trace:CFtpControlSocket::OnReceive()

Response:234 AUTH commands are ok. Expecting TLS Negotiation.

Status: Initializing TLS…

Trace:CTlsSocket::Handshake()

Trace:CTlsSocket::ContinueHandshake()

Trace:CTlsSocket::OnSend()

Trace:CTlsSocket::OnRead()

Trace:CTlsSocket::ContinueHandshake()

This is a problem with most firewalls that do layer 7 packet sniffing. In the trace above, the server accepts AUTH TLS with a 234 reply and the TLS handshake starts, but it never completes. Luckily for us, the firewall had bypass rules that can be configured to allow the TCP traffic to the destination internal server without inspection.

Test internally first; if all is good there, your problem lies in the firewall (Untangle), where you can just bypass it. Refer to your firewall's manual on how to bypass layer 7 detection for FTPS / FTPES on port 21, and you should connect with no problem. I recommend FileZilla with debug mode 4 to see where you get stuck. If you have issues, give us a call!
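The steps in the FileZilla trace (220 banner, AUTH TLS, 234 reply, TLS handshake) can be repeated with a small probe that reports which stage fails, so the same check can be run from inside and from outside the firewall. This is an added example, not code from the original post; the function names, stage labels and timeout are assumptions of the example.

```python
import socket
import ssl

def read_reply(sock):
    """Read one FTP reply, including multi-line ('220-...') replies."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("connection closed before a full reply")
        buf += chunk
        if buf.endswith(b"\r\n"):
            last = buf[:-2].split(b"\r\n")[-1]
            # The final line of a reply is three digits followed by a space.
            if last[:3].isdigit() and last[3:4] in (b" ", b""):
                return last.decode("ascii", "replace")

def probe_explicit_ftps(sock, timeout=5.0, server_hostname=None):
    """Return (stage, detail): stage is 'ok' or the step that failed."""
    sock.settimeout(timeout)
    stage = "banner"
    try:
        reply = read_reply(sock)
        if not reply.startswith("220"):
            return stage, reply
        stage = "auth_tls"
        sock.sendall(b"AUTH TLS\r\n")
        reply = read_reply(sock)
        if not reply.startswith("234"):
            return stage, reply
        stage = "tls_handshake"
        # Reachability check only: verification is off so a self-signed cert is not reported as a path failure.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        with ctx.wrap_socket(sock, server_hostname=server_hostname) as tls:
            return "ok", tls.version()
    except OSError as exc:  # timeouts, resets and ssl.SSLError all land here
        return stage, f"{type(exc).__name__}: {exc}"

def probe_host(host, port=21, timeout=5.0):
    """Connect to host:port and run the probe (helper name is this example's own)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "connect", f"{type(exc).__name__}: {exc}"
    with sock:
        return probe_explicit_ftps(sock, timeout, server_hostname=host)
```

Call `probe_host` with the server's address once from the internal network and once from outside: `ok` inside with a timeout or reset at `tls_handshake` outside matches the firewall behaviour described above.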
