martyyy
Explorer III
August 5, 2024
Question

FTP ALG


FOS 7.4.3

I have a client trying to use passive mode for FTP. This mode uses many ports, not just port 20/21.
Is there a Service on the Fortinet that allows FTP ALG? Currently we have this open to any ports.

TIA :) 

3 replies

ozkanaltas
Valued Contributor III
August 5, 2024

Hello @martyyy,

If I understand correctly, you want to use the FTP helper for different TCP ports instead of 20/21.

If yes, you can follow this document for your request.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-access-FTP-server-externally-on-different/ta-p/195059

abelio
SuperUser
August 5, 2024

Hello martyyy

As under passive mode the FTP server just listens passively, you only need to configure your FTP server properly in order to work in passive mode. (*)
With your FTP client configured in passive mode, the client starts all connections and the server passively listens.
Under FGT you have the usual VIP config on port 20/21.

obs:

- We're NOT talking here about FTP over TLS or another scenario.

- (*) For example, if you use a widely used FTP server such as VSFTPD, these 3 lines in the server config will take care of passive traffic for data transfer after fork:

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000

muketsu
New Member
August 6, 2024

Actually, there is a reason why no option is provided for disabling ALG for the FTP protocol. From the perspective of AppID, FTP cannot work without ALG in both active and passive modes.
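
Added example (not written by any poster in this thread and not Fortinet's code): a Python illustration of what an FTP helper/ALG does with the control channel. It parses 227 (PASV) and 229 (EPSV) replies to learn the data port, and allows it only when the port lies between the 40000 and 50000 bounds from the vsftpd lines earlier in the thread and the advertised address matches the server. The function names, the sample replies and the address 203.0.113.10 are assumptions made for illustration.

```python
import re

# Passive range bounds taken from the vsftpd settings quoted in the thread.
PASV_MIN, PASV_MAX = 40000, 50000

_PASV = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, server_ip):
    """Return (ip, port) announced by a 227/229 reply, or None for other replies."""
    m = _PASV.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("field out of range in 227 reply")
        ip = ".".join(str(n) for n in nums[:4])
        return ip, nums[4] * 256 + nums[5]  # port = p1*256 + p2
    m = _EPSV.match(reply)
    if m:
        return server_ip, int(m.group(2))   # EPSV reuses the control-channel address
    return None


def pinhole(reply, server_ip):
    """Return (port, None) to allow, (None, reason) to refuse, None if no data port."""
    ep = data_endpoint(reply, server_ip)
    if ep is None:
        return None
    ip, port = ep
    if ip != server_ip:
        return None, "advertised address differs from control-channel server"
    if not PASV_MIN <= port <= PASV_MAX:
        return None, "port outside configured passive range"
    return port, None


# Constructed control-channel replies (not captured traffic); 203.0.113.10 is a documentation address.
SAMPLE = [
    "220 (vsFTPd) ready",
    "227 Entering Passive Mode (203,0,113,10,175,200).",  # 175*256+200 = 45000
    "229 Entering Extended Passive Mode (|||41234|)",
    "227 Entering Passive Mode (203,0,113,10,4,1).",      # 1025, outside the range
    "227 Entering Passive Mode (10,0,0,5,175,200).",      # address differs from the server
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", pinhole(line, "203.0.113.10"))
```

Because the data port is only announced inside the control channel, a firewall without this kind of inspection has to leave the whole passive range open to the server instead of opening one port per transfer.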