Friday, May 18, 2012

Cyberoam and ftps

The guys at the studio had some trouble connecting to secure FTP. Their newly commissioned server would accept connections only over secure FTP on port 21.
I was able to connect from the BSNL network as well as from the Planetarium. But when they tried from the studio, they were getting timed out at "Initializing TLS". I replied with the following:
When the connection is initialized, a dialog box pops up, talking about the certificate, and whether we want to accept the certificate - attached. Only after you say yes does it connect. So, there are several possibilities - either your machine is not getting the certificate due to Cyberoam, or somewhere in settings you have set it to not ask, or deny the certificate.

My guess is Cyberoam. Cyberoam is set to proxy FTP connections. So, FTPS may need some settings. You may want to ask the Cyberoam support about this.
http://kb.cyberoam.com/print.asp?id=36&Lang=1&SID=

"Cyberoam parses SSL handshake (SSLv2, SSLv3, and TLS) and extracts “Common Name” (CN) from the certificate. It applies control filters on common name. Based on the outcome of filters, user is either served the page or the connection is terminated."

So probably somewhere in Cyberoam you will need to add the certificate of this server, saying accept this certificate. Only then, I am guessing, will Cyberoam connect to the server....
They contacted Cyberoam support, and as per their recommendation added a MASQ rule so that this connection goes directly instead of through Cyberoam's transparent proxy. Then it worked fine.
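To tell from the client side which step of an explicit FTPS connection stalls, the sequence can be walked one stage at a time, for example before and after a bypass rule is added. The following is an added example, not part of the original post or of any Cyberoam tooling; `probe_explicit_ftps` and `start_stalling_server` are hypothetical names, and the stalling server is a constructed stand-in that accepts AUTH TLS and then never answers the TLS handshake.

```python
import socket
import ssl
import threading

def probe_explicit_ftps(host, port=21, timeout=5.0):
    """Return (stage, detail): "ok" or the step that failed. Assumes single-line replies."""
    stage = "tcp_connect"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            stage = "banner"
            banner = sock.recv(1024).decode("ascii", "replace").strip()
            if not banner.startswith("220"):
                return stage, f"unexpected banner: {banner!r}"
            stage = "auth_tls"
            sock.sendall(b"AUTH TLS\r\n")
            reply = sock.recv(1024).decode("ascii", "replace").strip()
            if not reply.startswith("234"):
                return stage, f"AUTH TLS not accepted: {reply!r}"
            stage = "tls_handshake"
            # Diagnostic only: fetch the certificate without trusting it; the question is whether it arrives.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                return "ok", f"{tls.version()}, certificate of {len(der)} bytes"
    except socket.timeout:
        return stage, "timed out"
    except OSError as exc:  # includes ssl.SSLError and connection resets
        return stage, f"{type(exc).__name__}: {exc}"

def start_stalling_server(hold=3.0):
    """Constructed stand-in: clear-text FTP works, the TLS ClientHello is never answered."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"220 constructed test server\r\n")
        conn.recv(1024)                      # the client's AUTH TLS
        conn.sendall(b"234 AUTH TLS successful\r\n")
        threading.Event().wait(hold)         # hold the socket open, send nothing
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_explicit_ftps("127.0.0.1", start_stalling_server(), timeout=1.0))
```

A result of `("tls_handshake", "timed out")` matches the "Initializing TLS" symptom: the clear-text FTP commands get through, but the TLS exchange does not complete.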
 
