ISA Firewall Quick Tip : Allowing FTP Uploads Through ISA Server 2004/2006
 




ISA Firewall Quick Tip : Allowing FTP Uploads Through ISA Server 2004/2006


Published
:
January 07, 2007
Last Updated : January 07, 2007
     
Introduction

Many people have asked over the years how to enable FTP uploads through ISA server 2004/2006. This article gives helpful hints on how to successfully configure ISA Server to allow FTP uploads.

Background

By default, when you create a new Firewall Policy with the FTP protocol included, this access rule will only permit to download from any FTP site, but
will not allow you to upload ( write ) to these FTP sites.

Configuration

  1. Open ISA Management Console

  2. Create a new Access rule, Right click Firewall Policy , then click on New then choose Access Rule ( If you already have a Firewall Policy for the FTP Protocol, then skip these steps and jump to step 14)

           
 

        This also can be done from the Right Pane, under the Tasks bar :
           
 

  1. The New Access Rule Wizard will be launched, give a name to your new rule , in this example we will name it Allow FTP R/W
    ( Read/ Write ), then click Next


     
  1. In the Rule Action page, we choose which action we want to grant for our users, in this example we want to grant them the FTP access, so we choose Allow, then click Next
  2. In the Protocols page, From the drop down list of This Rule Applies To, choose Selected Protocols,



    click on Add button, the Add Protocol page will open, choose the FTP protocol and click on Add , then click Close


     
  3. The FTP Protocol will be selected , click Next


     
  4. On the Access Rule Sources page, click the Add button. In the Add Network Entities dialog box, click on the Networks folder. Double click on the Internal network, then click the Close button in the Add Network Entities dialog box. Click Next in the Access Rule Sources dialog box.



     
  5. Click the Add button on the Access Rule Destinations page. In the Add Network Entities dialog box, click the Networks folder. Double click the External entry and click Close in the Add Network Entities dialog box. Click Next on the Access Rule Destinations page.


     
  6. On the User Sets page, accept the default setting of All Users.



     
  7. Review your settings and click Finish on the Completing the New Access Rule Wizard page.



     
  8. Click the Apply button to save the changes and update the firewall policy. This button is located at the top of the Details pane
    (the middle pane) of the console.


     
  9. Your rule will look this :

  10. The rule you have just created will only permit your to download anything from the FTP sites you visit, but will not allow you to upload, in order to have the ability to upload, follow the following steps
     
  11. Right click your FTP Rule, then click on Configure FTP



  12. In this page, remove the tick beside the Read Only, then click OK


     
  13. Click the Apply button to save the changes and update the firewall policy.



     

Summary
 In this article, we learned how to create a new Access Rule to allow FTP through ISA server, we also learned why by default we can not upload to any
 ftp site and how to enable FTP uploads.

Related Links
How the FTP protocol Challenges Firewall Security