This issue has been one of my ongoing frustrations for a very long time. I simply wanted to be able to enable FTP uploads. Knowing the security risks of this scenario I knowlingly wanted the ability to upload when I need to and turn it off on demand when I don’t. For my efforts I had it partly working from the LAN but not the WAN.
In SBS 2003 Premium w/ ISA 2004 this entails configuring that the ISA FTP Filter is not in “Read Only” mode for any traffic using the FTP protocol you want write capabilities to work. To do this you have to “Configure FTP” (right click rule) at every applicable rule within the listings of the Firewall Policy.
The odd thing was that I had already done that …or so I thought. What had alluded me is that there are a couple of additional rules with the FTP protocol hidden under their broad scope. The reason for this was that the listed protocol can also encapsulate a host of protocols including FTP and rules with that situation were being overlooked by moi. So here is the listing of the four rules I needed to edit.
- SBS FTP Server Access (External to Local Host)
- SBS FTP Outbound Access (Local Host to External)
- SBS Protected Networks Access Rule (All Protected Networks to All Protected Networks)
- SBS Internet Access Rule (All Protected Networks to External)
The thanks for this breakthrough for my mental meltdown go to Bob Hood, Syd Lines, and Eric Rogers for the following linked thread. There are other deeper dives into FTP issues and fixes there including great information from Jim Harrison.