We have a Windows 2003 IIS server set up behind our firewall, which is a PIX firewall. What is the best method to establish a secure FTP site on this IIS server? I have reviewed this topic on the internet and actually talked with somebody from IPSWITCH, and the best method available is to purchase a third party client setup, such as IPSWITCH. This would mean end users would have to install this client when they first try to hit our FTP site and secondly they could not simply use Internet Explorer. What we want, if it exists, is to establish a secure FTP site where the end user can use their Internet Explorer browser. They can transmit files to us once they are connected and the user knows it is a secure site connection. I also talked to Verisign and they told me their certificates do not work in establishing a secure FTP site. Will the end user then be able to come directly through the internet to our FTP site, then have to login with a userid and password and be able to upload or download files from our site?
You've stumbled across something that a lot of us deal with in the MS world when trying to accomplish this. From my personal experience with it I would do one of two things:
1) Consider using a standard FTP server with PGP encrypted files.
2) Consider using a third party product, as you already have one of the better ones out there (IPSWITCH).
3) A potential solution might be to allow outside users a Web SSL VPN connection into a DMZ where all they can see is your FTP server and then pass files to it along a VPN tunnel. You'd need a Cisco VPN 3005 or a newer ASA series firewall to do this though. Users would just hit a website, login to the SSL VPN and just click the object for the FTP server and pass a file along using the VPN tunnel and then sign out.
I've used the IPSWITCH WS_FTP Pro client with good results with PGP encrypted and unencrypted files. The only problems I had were when some boneheads used really old versions of PGP which WS_FTP didn't really like. Otherwise it worked well, esp. with the automated scripting client it comes with and the auto-decryption of files ending in .pgp. That was great.
Last Wiki Answer Submitted: September 1, 2006 9:14 am by PDMeat0 pts.
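With option 1 in the answer above, the FTP channel itself stays unencrypted, so the receiving side can confirm that each uploaded file really is PGP-encrypted before accepting it. The following is an added example, not part of the original answer: the function names are hypothetical, and it inspects only the first OpenPGP packet header (RFC 4880), which also catches ASCII-armored files that are signed or compressed but not encrypted.

```python
import base64

# OpenPGP packet tags that can open an encrypted message (RFC 4880, section 4.3):
# 1 = public-key encrypted session key, 3 = symmetric-key encrypted session key,
# 9 = symmetrically encrypted data, 18 = encrypted and integrity-protected data.
ENCRYPTED_TAGS = {1, 3, 9, 18}
ARMOR_HEADER = b"-----BEGIN PGP MESSAGE-----"


def first_packet_tag(data: bytes):
    """Return the tag of the first OpenPGP packet, or None if this is not a packet."""
    if not data or not data[0] & 0x80:   # bit 7 is set on every packet header
        return None
    if data[0] & 0x40:                   # new-format header: tag in bits 5-0
        return data[0] & 0x3F
    return (data[0] & 0x3C) >> 2         # old-format header: tag in bits 5-2


def dearmor_prefix(data: bytes):
    """Decode the first base64 line of an ASCII-armored message, or None."""
    lines = [ln.strip() for ln in data.replace(b"\r\n", b"\n").split(b"\n")]
    if lines[0] != ARMOR_HEADER:
        return None
    try:
        blank = lines.index(b"", 1)      # armor headers end at the first empty line
        return base64.b64decode(lines[blank + 1], validate=True)
    except (ValueError, IndexError):     # no blank line, or body is not base64
        return None


def is_pgp_encrypted(data: bytes) -> bool:
    """True only if the upload starts with an OpenPGP encryption packet."""
    stripped = data.lstrip()
    if stripped.startswith(ARMOR_HEADER):
        binary = dearmor_prefix(stripped)
    else:
        binary = data
    return binary is not None and first_packet_tag(binary) in ENCRYPTED_TAGS


if __name__ == "__main__":
    # Constructed samples: a binary encrypted header and a plaintext CSV upload.
    for name, blob in [("report.pgp", b"\x85\x01\x0c" + bytes(16)),
                       ("report.csv", b"account,balance\n")]:
        print(name, "accept" if is_pgp_encrypted(blob) else "reject: not encrypted")
```

A check like this belongs in whatever job moves files out of the FTP drop directory; it does not validate the rest of the message, so decryption can still fail later.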