Title: EFW encrypted data problem over VLAN Post by: marco.mazzaglia on Tuesday 05 February 2013, 03:58:33 am Hello to everyone.
We are having some issues with applications that use encrypted traffic. We have a bunch of virtual Endian firewalls (v2.5.1) on VMWare ESXi 4.1.0, 348481. I configured a flat FTP server on our DMZ without any problem. When I try to change the same ftp server on a secured connection (protocol used FTPS implicit or explicit), it starts to have following issues: 1) When I put the server on implicit mode (TCP 990), I'm not able to establish a connection for the port 990; with TCPDUMP I listened to the RED port, trying to see the dropped packets on the port TCP 990 with no result at all. It seems the firewall didn't drop any packet or was not able to arrive to the virtual network card. 2) When I put the server on explicit mode (TCP 21), I'm able to make the connection on port 21, but I'm not able to browse the folders; the error given to the client is "425 Can't open data connection". 3) On the same server, a https application works flawlessly. 4) If I put the virtual server connected directly to the net with a public IP configured on the interface, the FTPS server works perfectly. Details: 1) FTP server is: FILEZILLA Server v0.9.41 beta 2) Switches of virtual architecture: Cisco 3100 series 3) Physical switches for the router of Internet connection: HP Pro Curve 5412zl 4) VMWare ESXi 4.1.0, 348481 5) Endian firewall release v2.5.1 I had a similar problem using OpenVPN server on Endian on a virtualized firewall and I had to switch on a physical firewall to solve the problem. Thanks in advance for any suggestion. Marco |