Publishing FTP with UAG

Those with a sharp eyesight may have noticed that the FTP template that was available with IAG is not available in UAG. Publishing FTP is not in high demand, but if you need to do it, it is possible using simple tunneling. Here are the steps:

1. Create a new application on your UAG trunk

2. From the Client/server and legacy group , select Generic Client Application (multiple servers)

3. In step 4 of the wizard, specify the internal name of your FTP server, and in the ports section, specify 20, 21, 1024-65535

4. Complete the wizard and activate the configuration.

image

The reason for specifying such a large range of ports is that FTP requires a secondary connection using a secondary port, and that port is determined dynamically by the target server. By default, it could be any port, so you need to include all of them. If you wish to limit this number, some FTP servers allow you to do so. For example, with IIS, this is described here.

One thing to keep in mind when using this type of application is that the high number of ports is a burden both for the UAG server, and for the client. On the client, this template configurs the socket forwarder to listen on many ports, and on the UAG server, this creates multiple connections to the backend FTP server. If your intention is to have many clients using this template, then keep an eye on the server performance parameters and network usage to make sure the behavior is within acceptable parameters.

You can also add to the user experience by making use of the Enhanced generic client application template. This template allows you to specify an executable to launch on the client when the tunnel is launched. If all your clients have a regular FTP client installed, you could specify it there, and also include arguments. For example, if your clients have FileZilla installed, the executable path would be c:\Program Files\FileZilla FTP Client\filezilla.exe, and you could specify arguments to open a predefined connection or the FTP server to use. Another thing you could do is point the app to Internet Explorer, with the argument being the URL of the FTP server. For example:

image

Comments

  • Anonymous
    March 21, 2013
    If any SSLVPN application (this is not restricted to an application publishing FTP) is published using port 65535, UAG will enter an infinite loop whenever the application is launched from the UAG portal page. At the w3wp.exe process on the UAG server will start rapidly consuming memory which will eventually cause the server to stop responding.

  • Anonymous
    March 21, 2013
    Port range end value need to be changed to 65534. (So the port range should be 20,21,1024-65534 in order to prevent rapid memory consumption by the IIS Worker process and prevent the server to become unresponsive)

  • Anonymous
    December 05, 2013
    Hi Ben, I published ftp using uag but I cannot connect to ftp site. It says cannot connect connection timed out. here is my config. I have created a http trunk and published ftp using your guide but no luck. It is filezilla ftp server internally works fine. Externally doesn't. Please help.