Non-authenticated nontransparent FTP proxy prompts for authentication
- Article Number: 000009328
- Products: Sidewinder
- Version: 8.3
- Last Published Date: June 29, 2020
When end users attempt to connect to an FTP server, the firewall sends them the following prompt:
220-Firewall ftp proxy. You must login to the proxy first.
220 Use proxy-user:auth-method@destination.
Cause
The prompt appears because the non-transparent FTP proxy needs the login and destination information to determine which rule will allow the connection.
Solution
Instruct end users that they will be prompted to supply a user name, authentication method, and destination, even if the associated allow rule does not require authentication. Instruct users to respond to the Name (si_ipaddr:username): prompt by entering the @ sign followed by the FTP server’s IP address, as shown in this example:
Users who incorrectly put a user name before the prompt are still allowed access to the FTP server through the non-transparent FTP rule that does not require authentication. The firewall handles entries containing user names that do not match any existing FTP rule and entries without a user name in the same manner.
Keywords: sidewinder; ftp proxy; nontransparent; authentication; ftp server; non-transparent FTP