Firewall-1 Active FTP Failing

With a Firewall-1 release 4 (may be next generation), our internal clients are able to do an ftp active mode connection to some external ftp hosts, and with others the connections do not work.

A sniffer and the Firewall-1 security log both pretty clearly show that for the hosts that do not work, Firewall-1 sees the incoming ftp-data connection as not being part of the outgoing ftp connection, and it rejects the incoming ftp-data with the default firewall rule.

Both the connections that work and the ones that fail invoke the *identical* line number of the firewall security rules, so it is not a rule issue.

I checked the system policy properties, and we do enable both active and passive ftp with checkboxes.

Can someone explain why active ftp would work to some external hosts, but not others?

W

I recall that active ftp can choose to use different ports. If external hosts have those ports blocked then ftp will fail.

Most recommendations I see are that one use 'passive' ftp. BICBW.

Rick
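
Added example, not part of the original posts and not Check Point code: a small checker that compares the PORT command seen on the FTP control channel (RFC 959 format) with the incoming ftp-data SYN from the same sniffer trace, to show which field differs between a host that works and one that fails. The rules it applies (data connection comes from the control server's IP and from source port 20) are assumptions about what a strict stateful filter expects, not documented Firewall-1 behaviour; all addresses are constructed samples.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" followed by CRLF; data port = p1*256 + p2.
PORT_RE = re.compile(r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n",
                     re.IGNORECASE)

def parse_port(line):
    """Return the (ip, port) a client advertised in a PORT command, or None."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def check_data_conn(port_line, server_ip, syn):
    """List the ways an incoming ftp-data SYN differs from the control channel.

    syn is (src_ip, src_port, dst_ip, dst_port), taken from a capture on the
    same side of the firewall as port_line (NAT may rewrite the PORT address).
    """
    expected = parse_port(port_line)
    if expected is None:
        return ["PORT command is not one well-formed CRLF-terminated line"]
    src_ip, src_port, dst_ip, dst_port = syn
    problems = []
    if (dst_ip, dst_port) != expected:
        problems.append(f"destination {dst_ip}:{dst_port} was not advertised "
                        f"(expected {expected[0]}:{expected[1]})")
    # Assumption: the filter ties the data connection to the control server's IP.
    if src_ip != server_ip:
        problems.append(f"source {src_ip} is not the control server {server_ip}")
    # Assumption: the filter expects the RFC 959 default data port, 20.
    if src_port != 20:
        problems.append(f"source port {src_port} is not 20 (ftp-data)")
    return problems

if __name__ == "__main__":
    # Constructed sample trace (documentation address ranges).
    port_line = "PORT 192,0,2,10,19,137\r\n"          # client 192.0.2.10, port 5001
    cases = {
        "host that works": ("198.51.100.5", ("198.51.100.5", 20, "192.0.2.10", 5001)),
        "host that fails": ("203.0.113.9", ("203.0.113.77", 1025, "192.0.2.10", 5001)),
    }
    for name, (server, syn) in cases.items():
        print(name, "->", check_data_conn(port_line, server, syn) or "matches")
```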
