Re: ISA 2000 and TFTP


From: Tristan Kington [MSFT] (tristank_at_online.microsoft.com)
Date: 05/01/04


Date: Sat, 1 May 2004 15:51:46 +1000

Nasty little protocol; just the definition makes me nervous!

I've done this before using the Firewall client to get a single TFTP server
(running as the logged-on user) published.

---
Protocol Definition: TFTP Server
UDP 69 Receive
Secondary: UDP 1-65535 Send Receive
---
Create a WSPCFG.INI in the TFTP server app's folder:
---
[NameOfServerExeWithoutTheDotEXE]
RemoteBindUDPPorts=69
---
And that's pretty much it; you'll need to allow the use of that protocol by 
that user, if the user doesn't have unrestricted access.
Whenever the TFTP server is running and the firewall client is enabled, it 
should bind the port (assuming it's free).
For an NT-style Service process, you'll need to mess around with 
permissions, but it's probably a better idea security-wise to only run the 
TFTP server when you need it.
HTH
TristanK
-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
"Richard Frueh" <rvf@alumni.rice.edu> wrote in message 
news:6de001c42efa$d2e68180$a001280a@phx.gbl...
Here's my situation:  I have an ISA server between my
internal network and my HW firewall and external router.
Life is good as far as server publishing goes, and almost
everything works, but one thing.  I cannot TFTP my
configurations from the router and firewall to my tftp
server inside the network.  This is annoying since it is
the easiest way to upgrade firmware on the fw/routers,
and the easiest way to save configurations.
Unfortunately, ISA comes only with TFTP definition for
outgoing, not for TFTP.  So, we've tried to create a TFTP
protocol definition, fooling around with
inbound/outbound/send/receive, to no avail.  It's been
recommended that I look at using the firewall client to
solve the problem but that doesn't help me without a lot
more info on configuring the firewall client.
Has anyone done this, and if so, can they give me an idea
how to do it, without having to give a developer a copy
of the SDK and the TFTP RFC, so they can write an
application filter?  It seems like this shouldn't be
rocket science, after all.
Thanks,
Rich
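
Under RFC 1350 only the initial read or write request goes to UDP 69; the server answers from a freshly chosen port and the rest of the transfer stays on that port pair, which is what the wide secondary range in the definition above has to accommodate. The following is an added example, not part of the original thread or of ISA itself: a Python sketch that labels packets as primary, secondary or dropped by tracking each transfer's ports. The addresses, ports, file name and label strings are constructed for illustration.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}  # RFC 1350

def opcode(payload):
    """Return the TFTP opcode name, or None if the payload is not valid TFTP."""
    if len(payload) < 4:
        return None
    name = OPCODES.get(struct.unpack("!H", payload[:2])[0])
    if name in ("RRQ", "WRQ"):
        fields = payload[2:].split(b"\x00")  # filename NUL mode NUL
        if len(fields) < 3 or not fields[0] or not fields[1]:
            return None
    return name

def classify(packets, server_ip):
    """Label (src_ip, sport, dst_ip, dport, payload) tuples in arrival order."""
    transfers = {}  # client (ip, port) -> server-side port, None until seen
    labels = []
    for src, sport, dst, dport, payload in packets:
        op = opcode(payload)
        if op is None:
            labels.append("drop: not TFTP")
        elif op in ("RRQ", "WRQ"):
            ok = dst == server_ip and dport == 69
            if ok:
                transfers[(src, sport)] = None
            labels.append("primary" if ok else "drop: unsolicited")
        elif src == server_ip and (dst, dport) in transfers:
            # The first reply fixes the server's transfer port: a new port, not 69.
            tid = transfers[(dst, dport)] or sport
            transfers[(dst, dport)] = tid
            labels.append("secondary" if tid == sport else "drop: wrong TID")
        elif dst == server_ip and transfers.get((src, sport)) == dport:
            labels.append("secondary")
        else:
            labels.append("drop: unsolicited")
    return labels

ROUTER, SERVER = "192.0.2.1", "10.0.0.5"  # constructed addresses
SAMPLE = [  # constructed capture of a router saving its config to the server
    (ROUTER, 40000, SERVER, 69, b"\x00\x02router.cfg\x00octet\x00"),  # WRQ
    (SERVER, 50123, ROUTER, 40000, b"\x00\x04\x00\x00"),              # ACK 0
    (ROUTER, 40000, SERVER, 50123, b"\x00\x03\x00\x01hostname r1\n"), # DATA 1
    (SERVER, 50123, ROUTER, 40000, b"\x00\x04\x00\x01"),              # ACK 1
    ("198.51.100.9", 1234, SERVER, 50123, b"\x00\x03\x00\x01x"),      # stranger
]
```

Only the first sample packet touches port 69; the other packets of the transfer ride on the port the server picked, and the packet from an unrelated sender to that same port is dropped.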

