Which authentication mode is needed for FTP proxy authentication?


<< Back to Knowledge Search

Solution

Overview

When authenticating FTP traffic on the ProxySG, the authentication mode of "Proxy" should be used.

It is important to use "Proxy" authentication mode because it does not use a surrogate such as an IP address when authenticating. In other words, authentication is not cached. So the proxy is expecting authentication credentials each time you login via FTP. The reason this is necessary is because when using an IP surrogate such as with the authentication mode of "Proxy IP", the proxy is not expecting the credentials when a user is already authenticated on the proxy from a previous transaction. So in this case, when proxy credentials are provided, the login fails.

Example of CPL rule set to authenticate FTP with authentication mode of "Proxy" (with a rule under it to authenticate everything else with "Proxy IP" mode:

 

<Proxy>

    url.port=21 authenticate(realm-name) authenticate.force(no) authenticate.mode(proxy)
    authenticate(realm-name) authenticate.force(no) authenticate.mode(proxy-ip)

In the VPM, you can create a rule above any general authenticate rules set with the following:

Destination field: Destination Host Port object = 21

Action field: Authenticate object, Authenticate Mode = Proxy

 

 

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ2152
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Software      SGOS 4, SGOS 5, SGOS 6
Topic      Authentication
Article Number      000015842
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat