Proxy Port and Regular Port

WGM

T20 12.6.4

Hi,

Puzzled between setting up a SFTP with a proxy port and a regular Port example: Port 2222

I created a policy with a Proxy Port 2222, and firewall shows allowing traffic to the server but it cannot connect using the FTP Client.

I created another policy with a regular Port 2222 and I'm able to connect using FTP Client successfully.

1) For SFTP setting with a regular Port 2222, is that safe compare to a proxy port?
2) Why creating a Proxy Port 2222 does not let me connect using a ftp client even if the logs showed all allowed? Is there something i need to change on the policy?

Thank you.

Bruce_Briggs

"The FTP-proxy does not support FTP over SSL, TLS, or SFTP connections."

About the FTP-Proxy
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/ftp/proxy_ftp_about_c.html

Are you using SFTP or FTPS?
SFTP uses SSH, which doesn't have multiple ports.
FTPS uses FTP over SSL

https://en.wikipedia.org/wiki/FTPS

WGM

Ok, i thought we could apply the FTP proxy on SFTP, but we'll be using SFTP. Thanks

james.carson

Hi @WGM
The FTP proxy only supports regular FTP. FTPS and SFTP will need to use packet filters.

WGM

Thank you Bruce and James!

WGM

Since there is no proxy on the SFTP, will the firebox scan for virus when client uploads a file?

Bruce_Briggs

No.
Note again - SFTP uses the SSH protocol, not the FTP protocol.
So one would need a SSH proxy, which currently does not exist.

WGM

got it. Thanks!