We are a user of a CyberGuard Corp (Harris) CyberGuard firewall.
The CyberGuard firewall has an FTP proxy to authenticate FTP sessions. It
operates essentially in two different modes when authenticating the user.
1 User FTPs to firewall and is authenticated (firewall user id and
password). During the authentication process the user specifies the target
host. On authentication success, the user is connected to the target host,
where he/she authenticates, and if successful, proceeds with file
2 User FTPs directly to target host. The FTP proxy intercepts the
session, prompting for firewall user id and password. Once authenticated,
the FTP proxy establishes an ftp session with the desired target host. The
user authenticates, and if successful, proceeds with file transfers.
This process works fine for textual based user interfaces (such as the
plain old UNIX ftp client application), as the prompt / response process is
presented directly to the user. However, GUI based ftp clients, such as
Netscape Navigator, completely barf on this as the authentication process
at the firewall, with its prompting / command response sequence, is
completely foreign to them.
This is becoming a problem, all the GUI based FTP clients that we have
tested, including WS-FTP and Navigator, are not compatible with the
CyberGuard ftp proxy. We are looking for a solution.
We have raised this several times with Netscape - their response has been
"Navigator can not support this - it is not aware of firewall proxies." We
discussed this with CyberGuard Corp. They indicated no plans for a GUI
compatible ftp proxy.
Anyone who has thoughts on this, please email or post. Does Navigator have
this problem with other firewalls?