Secure FTP

ptilsen Member Posts: 2,835
This seems to be a common request for me, and I haven't found a "perfect" answer for it yet. Typical situation:
1. Client's vendor or customer needs a secure FTP server. They don't specify FTPS (FTP over SSL), so sometimes that means they're open to other solutions. Sometimes it has to be FTP. Everything must be encrypted.
2. The FTP server must be an existing Windows Server 2008 R2 system.
3. The server will sit behind an SMB-grade NAT firewall, using only a private IP.
4. The certificate used (assuming FTPS is used) will often be a GeoTrust certificate, specifically. More on why that's significant in a moment.

I've only found a couple of solutions that work at all, and nothing works particularly well.
1. IIS 7.5 FTP over SSL (FTPS)
IIS 7.5 allows for FTPS, and it will work behind a NAT firewall... using the FireFTP client, and only the FireFTP client. I have not yet found any other FTP client that will talk to IIS 7.5 FTPS, even doing full 1:1 NAT. I haven't tested it on a public IP without NAT, but for our purposes here that is not feasible. It doesn't even work with IE, Explorer, or the built-in Windows FTP client. This leads to us having to mandate and support a specific client.
2. FileZilla FTP over SSL (FTPS)
FileZilla seems to work with more FTP clients, but still encounters problems. It uses its own authentication system rather than LDAP integration with AD. The FileZilla client won't take GeoTrust certificates out-of-the-box. Not all FTP clients work, which still leads to support issues (not as bad as IIS, though).
3. SSH File Transfer Protocol (SFTP)
Seems to work just fine, but again, no authentication through AD, and key management is more difficult and ultimately doesn't suit our needs. FTPS seems to be the "more standard" solution, and SFTP clients are just as restrictive as the first two solutions.

I guess what I'm looking for is the "perfect" solution - a Windows-based FTP server that does automatic or nearly automatic LDAP integration, works behind an appropriately configured FTP-aware NAT firewall, and has near universal client compatibility such that I do not need to give customers client-specific instructions based on their platform and desired FTP client.

IIS 7.5 really seems like a good solution other than the part where it works with hardly anything. If someone has gotten it to work behind NAT, I sure would appreciate any tips on what we've been doing wrong.