Hello Team, I have a question about how ZCC with Tunnel v1.0 handles FTP traffic.
To make a long story short, I have a working configuration now that forces Internet Explorer in the end user PC to send FTP traffic as FTP over HTTP through ZCC wit Tunnel V1.0
This is working fine.
However our customer is requesting this (FTP over ZCC with Tunnel v1.0) to work as well for FileZilla.
But if I try similar settings with FileZilla (FileZilla Settings > Generic Proxy > HTTP 1.1 Using CONNECT Method)…
…FileZilla does reach the proxy but the connection times out waiting for the welcome message:
Status: Connecting to ftp.rediris.es through HTTP proxy
Status: Connecting to 127.0.0.1:9000…
Status: Connection with proxy established, performing handshake…
Response: Proxy reply: HTTP/1.1 200 Connection Established
Status: Connection established, waiting for welcome message…
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
Since there are no logs for this transaction in ZIA (Web Insights), I believe the transaction is actually not progressing beyond ZCC’s local proxy
Also, I have read this in our documentation: About FTP Control | Zscaler
With FTP Control, Zscaler provides access control for native FTP and FTP over HTTP traffic. This can be particularly useful if you are using a Z-App or PAC based deployment, as they only support FTP over HTTP traffic.
So I have reached to the hypothesis that FileZilla is actually tunnelling native FTP traffic over HTTP CONNECT, but it’s not actually using FTP over HTTP (as Internet Explorer does). But ZCC’s local proxy is, somehow, not accepting FTP tunneling over HTTP CONNECT…
QUESTION: Could someone please confirm/correct this hypothesis, please?
Many thanks in advance!