Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Graiai
Graiai Author
User level: Level 1
98 points

Firewall client? Built-in not good enough

My company's network is super secure and we need to install a firewall client in order to allow my Mac to access FTP sites. According to the IT dept. the built in firewall client doesn't work and therefore we need something else. Unfortunately, they're very hush-hush about the configuration so I don't have any information to pass along.


So I guess my question is two-fold:


1) Could they be configuring the built-in firewall pref panel wrong?


2) Is there any third-party software that can allow FTP on my company's network?


If there's specific info that you need in order to point me in the right direction, I can try to get it.

MacBook Pro, Mac OS X (10.7.3)

Posted on Apr 30, 2012 6:54 AM

Reply
6 replies
User profile for user: thomas_r.
thomas_r.
User level: Level 7
31,989 points

Apr 30, 2012 8:11 AM in response to Graiai

Something's weird about what your IT folks are telling you. Traditional firewalls are for blocking incoming connection requests (ie, some other machine attempts to initiate a connection with yours), and on your company network you shouldn't have any incoming connections from anywhere outside the company. If you do, there's something seriously wrong with the company network's security. And connecting to an FTP server is not something that would require a firewall. You absolutely should not need a firewall on your personal computer while at work, no matter how secure the information on the company network is.


However, if the company has a requirement that you enable a firewall on your machine before they will issue you an FTP username and password, then you probably just have to comply, regardless of how little sense that makes. But again, your IT department is showing its ignorance. Your Mac has not just the basic firewall that your IT guys are claiming is inadequate, but it also has the well-regarded Unix firewall ipfw installed. It can be enabled and configured through the command line, or using a GUI tool like NoobProof or WaterRoof. If they tell you that ipfw is not adequate protection for connecting to your company FTP server, they don't have a clue what they're talking about on many levels.


If you already have login credentials for the FTP server, but you're having difficulty connecting to it, then that's a completely separate issue. If you've been using the Finder to connect, try a different tool, like Cyberduck, Transmit or Interarchy (listed in increasing order of capabilities).

Reply
User profile for user: g_wolfman
g_wolfman
User level: Level 4
1,137 points

Apr 30, 2012 1:40 PM in response to thomas_r.

Actually, in Lion the ipfw firewall was replaced with the even better regarded pf firewall from OpenBSD. ipfw is deprecated.


But that just makes the OP's problem with his IP department stand out even more. And for that matter, why would they want to use packet filtering firewalls on each individual computer? packet filtering is more properly for a network firewall. The OS X application firewall is the way it is becaus its meant to operate at the application layer, not teh network layer.


I mean, are these guys seriously suggesting an individually tuned set of packet filter and NAT rules for each individual computer on their network? Because that's just a little bit insane.


Graiai, I think you need to figure out what it is they need you to do with this ISA applicance. Installing a packet filtering firewall on your system is pointless. If they need you to connect to the ISA in its role as a proxy and/or VPN server, then that's a different issue entirely. In either case, it sounds like you need more (and precise) information.

Reply

Firewall client? Built-in not good enough

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up