SD-WAN

  • 1.  Service Application Types dns-proxy, ftp-control, ftp-data

    Posted 02-06-2020 11:12

    Hello,

    has anyone ever had experience with these service application types?
    We have already used the application type dhcp-relay.
    But dns-proxy, ftp-control, ftp-data are apparently new?
    I think that the ftp-types are there for passive-FTP support mentioned in the release notes of 4.2, but I don't know how to use them.
    More interesting for us is the dns-proxy type, can we use it to cache dns-requests?
    That would be a very helpful feature for us.

    Any assistance and some guidance is appreciated!



    ------------------------------
    Michael Uwannah
    Ahaus
    ------------------------------


  • 2.  RE: Service Application Types dns-proxy, ftp-control, ftp-data

     
    Posted 02-21-2020 12:33
    Hello Michael,

    Each of those application types is used for a different purpose. Here's an overview of the ones you're interested in.

    ftp-control, ftp-data
     - These service types are used for supporting passive-FTP mode. The ftp-control service is used for configuring the FTP control port 21 and the ftp-data service is used to dynamically learn and allow the ephemeral ports exchanged via the FTP control session. From an FTP perspective, this will allow us to keep only port 21 (or any other custom port per config) accessible and selectively allow the learned ports for creating data connections.

    dns-proxy
    - The feature does not do any DNS caching. It purely operates as a proxy. In general, the idea is to advertise the LAN side IP address of the 128T router as the DNS server for that subnet. The dns-proxy service will then capture all those DNS requests. In addition, if the system has dynamic WAN interfaces such as DHCP, LTE, PPPoE, etc., the feature can be used to dynamically learn and proxy to those learned addresses. The proxy happens by doing a destination NAT from the local IP address to the learned DNS address.

    This is just to provide a high level overview. I'll follow up with more examples and feature documentation soon.

    Thanks

    ------------------------------
    Kaushik Agrawal
    Principal Software Engineer
    MA
    (781) 328-1978
    ------------------------------



  • 3.  RE: Service Application Types dns-proxy, ftp-control, ftp-data

     
    Posted 02-22-2020 13:56
    Hello Michael,

    I've attached the document explaining how to use the DNS proxy feature.

    Thanks,
    Kaushik Agrawal.

    ------------------------------
    Kaushik Agrawal
    Senior Manager For Monitoring, Analytics, Extensibility and Cloud
    MA
    (781) 328-1978
    ------------------------------



  • 4.  RE: Service Application Types dns-proxy, ftp-control, ftp-data

    Posted 02-24-2020 02:41
    Thank you very much!
    The DNS proxy is a good feature that we can definitely use and it works differently than I imagined.

    So you use the application type ftp-control for the ftp-control service from client to server (port 21).
    But I still didn't understand what the service with the application type ftp-data has to look like. With passive FTP the service should also point from the client to the server. Must the control port then be specified again in the service for the data connection, or does the application type ftp-data ensure that not everything is automatically allowed to the server?

    Best regards,

    ------------------------------
    Michael Uwannah
    Ahaus
    ------------------------------



  • 5.  RE: Service Application Types dns-proxy, ftp-control, ftp-data

     
    Posted 02-24-2020 09:24
    For the ftp-data, you should just configure the IP address(es) for the server and leave the transport and port empty. Since we rely on the ftp-control service to dynamically learn the ports, the feature doesn't rely on the ports to be configured in the ftp-data service. I'll follow up with an example FTP configuration soon.

    ------------------------------
    Kaushik Agrawal
    Senior Manager For Monitoring, Analytics, Extensibility and Cloud
    MA
    (781) 328-1978
    ------------------------------
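
An added illustration (not part of the thread, and not 128T's implementation) of the passive-FTP behaviour described in posts 2 and 5: only the control port is statically reachable, and data ports are allowed only after they appear in a PASV (227) or EPSV (229) reply on the control session. The class name, the one-shot pinhole policy, the port floor of 1024 and the rule that the advertised address must equal the control peer are assumptions chosen for this sketch; the addresses are constructed documentation-range values.

```python
import ipaddress
import re

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2); RFC 2428 EPSV reply: 229 ... (|||port|)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


class PassiveFtpPinholes:
    """Hypothetical model: learn data ports from the control channel, allow nothing else."""

    def __init__(self, server_ips):
        # Mirrors an ftp-data service configured with server addresses only (no port).
        self.servers = {ipaddress.ip_address(ip) for ip in server_ips}
        self.pinholes = set()  # (client, server, port) tuples learned so far

    def on_control_reply(self, client, server, line):
        """Feed one server-to-client control line; return the learned port or None."""
        server_ip = ipaddress.ip_address(server)
        if server_ip not in self.servers:
            return None
        m = PASV_RE.match(line)
        if m:
            octets = [int(x) for x in m.groups()]
            if any(o > 255 for o in octets):
                return None
            advertised = ipaddress.ip_address(".".join(map(str, octets[:4])))
            # Assumption: refuse a pinhole toward any host other than the control peer.
            if advertised != server_ip:
                return None
            port = octets[4] * 256 + octets[5]
        else:
            m = EPSV_RE.match(line)
            if not m:
                return None
            port = int(m.group(1))
        # Assumption: never learn a privileged or out-of-range port.
        if not 1024 <= port <= 65535:
            return None
        self.pinholes.add((ipaddress.ip_address(client), server_ip, port))
        return port

    def allow_data(self, client, server, port):
        """Allow a client-to-server data connection only on a learned port, once."""
        key = (ipaddress.ip_address(client), ipaddress.ip_address(server), port)
        if key in self.pinholes:
            self.pinholes.discard(key)  # assumption: one data connection per reply
            return True
        return False
```
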