The Secure File Transfer Solution.

Using Firewalls with SSL


When using a NAT (Network Address Translation) firewall, you may encounter problems when trying to use SSL encryption. With SSL the control connection is encrypted, so the firewall cannot read or rewrite the address in the server's reply to a PASV command. To fix this, you may be able to enter information in the Firewall Settings dialog so that the server replies to a PASV command with the IP address and port range of the NAT firewall. In many cases, this will allow you to use SSL through a NAT firewall.

To change firewall settings:

  1. In the left pane of WS_FTP Server, select the host. The host properties menu appears in the right pane.
  2. Click Firewall Options. The firewall settings dialog appears.

  3. Enter the following information.

    IP Address. Enter an IP Address to be used in response to a PASV request. This will be sent to the client instead of the host IP address. This should be the IP address of the NAT firewall.

    Port Range. Enter a range of port numbers to be used in response to a PASV request. The port range is specified as #-# or as #, #, #. In the first form, all ports between the two numbers are available for use, and in the second, only the specific ports listed are available. You may use a combination of both to specify multiple ranges, or ranges and specific ports.

Note: If you specify an IP address and not a port, then the server will use any available port above 1024, but will still use the specified IP address in the response.

Note: If you specify a port range, but not an IP address, the server will use its own IP address and only the ports specified.

  4. Click OK.
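
The following is an added example, not Ipswitch code, showing how the settings above translate into the PASV reply the client receives. The function names, the sample addresses and the "lowest free port" selection rule are assumptions made for illustration; the 227 reply layout is the standard one from RFC 959.

```python
import ipaddress

def parse_port_spec(spec):
    """Expand a '#-#' / '#, #, #' port specification into a sorted port list."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo, dash, hi = item.partition("-")
        first = int(lo)                      # ValueError on non-numeric input
        last = int(hi) if dash else first    # single port: range of one
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"invalid port entry: {item!r}")
        ports.update(range(first, last + 1))
    return sorted(ports)

def choose_endpoint(host_ip, nat_ip=None, port_spec=None, in_use=()):
    """Return the (ip, port) the server would advertise in its PASV reply."""
    # No configured IP address: the server advertises its own address.
    ip = nat_ip or host_ip
    # No configured ports: any available port above 1024.
    candidates = parse_port_spec(port_spec) if port_spec else range(1025, 65536)
    for port in candidates:
        if port not in in_use:               # assumption: lowest free port wins
            return ip, port
    raise RuntimeError("no free port left in the configured range")

def pasv_reply(ip, port):
    """Format the FTP 227 reply (RFC 959): h1,h2,h3,h4,p1,p2."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # rejects bad addresses
    return "227 Entering Passive Mode ({},{},{},{},{},{})".format(
        *octets, port >> 8, port & 0xFF)

if __name__ == "__main__":
    # Constructed sample values: private host address, NAT address from the
    # documentation range 203.0.113.0/24, and a mixed range/list port setting.
    ip, port = choose_endpoint("192.168.1.10", "203.0.113.5",
                               "50000-50002, 50010", in_use={50000})
    print(pasv_reply(ip, port))
```

The list returned by `parse_port_spec` is also the set of inbound ports the NAT firewall has to forward to the server, so a narrow range keeps the number of exposed ports small.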

What exactly is a NAT firewall?

Because of today's need for increased security, many businesses utilize an initial form of network protection called a firewall to prevent unauthorized access to or from their private systems. Firewalls can be software or hardware based, or they can consist of a combination of both. Part of this protection can include the use of a device or application called NAT.

NAT, or Network Address Translation, is an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations. Additionally, NAT provides a type of firewall by hiding internal IP addresses, and it enables a company to use more internal IP addresses. Since these internal addresses are used internally only, there is no possibility of conflict with IP addresses used by other companies and organizations.



Ipswitch, Inc.
http://www.ipswitch.com
©Ipswitch 2003