Filip011
New Member
November 28, 2019
Question

FTP from inside to outside not working


Hello,


I have a FortiGate firewall with an inside and an outside interface. My LAN to WAN policy allows HTTP, HTTPS and DNS. Now there is a requirement to allow LAN users to connect to external FTP servers. If under policy I add FTP, it won't connect to the external FTP server. If I change the policy to All, I can connect. I tried adding all FTP-related services and even TFTP with no luck.

What am I doing wrong?


Thanks.


    Filip011 (Author)
    New Member
    November 28, 2019

    Except if they changed the default port 21 on their side and are using a different one without telling me.

    Eleguardini
    New Member
    November 28, 2019

    Hi,

    Is it maybe that the policies are in the wrong order?

    You should first have the policy for the FTP server (source: LAN, destination: server IP) and then the policy that allows internet connection (source: LAN, destination: all). Otherwise, if they are in the opposite order, all the traffic will end up in the second policy I mentioned, where FTP is not allowed.


    ede_pfau
    SuperUser
    November 28, 2019

    @Eleguardini: this is not true in every case. Imagine policy 1 allows "HTTP, HTTPS, someother". Then FTP traffic will not match and fall through to policy 2 (which allows FTP).


    But you're right in general, the most specific policy needs to be topmost. Matching criteria are all of source interface and addr, dest interface and addr, service, schedule, and action.
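The two replies above disagree only on when ordering matters. The following script, added here as an illustration and not code from the thread or from Fortinet, models first-match policy evaluation on the criteria ede_pfau lists (source interface and address, destination interface and address, service) plus the implicit deny at the end. Policy names, interface names ("internal", "wan1"), address labels, the port table and the flows are all constructed for the example; real FortiGate policies also carry a schedule and per-protocol service definitions, which are omitted. It shows that a specific FTP policy placed below a policy for HTTP/HTTPS/DNS still matches (ede_pfau's point), that the same policy below an "ALL" policy is shadowed and never matches (Eleguardini's point), and that a connection on a non-standard FTP port does not match an FTP service at all (Filip011's comment). A small shadow check flags policies an earlier, broader policy makes unreachable.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed service table: service name -> TCP destination ports.
# Protocol (TCP/UDP) is deliberately omitted to keep the model small.
SERVICES = {"HTTP": {80}, "HTTPS": {443}, "DNS": {53}, "FTP": {21}}


@dataclass(frozen=True)
class Policy:
    name: str
    src_intf: str
    src_addr: str               # address-object label; "all" means any
    dst_intf: str
    dst_addr: str
    services: FrozenSet[str]    # service names; {"ALL"} means any port
    action: str = "accept"

    def ports(self) -> Optional[set]:
        """Set of destination ports this policy covers; None means every port."""
        if "ALL" in self.services:
            return None
        return set().union(*(SERVICES[s] for s in self.services))


@dataclass(frozen=True)
class Flow:
    src_intf: str
    src_addr: str
    dst_intf: str
    dst_addr: str
    dst_port: int


def _addr_ok(rule: str, actual: str) -> bool:
    return rule == "all" or rule == actual


def policy_matches(p: Policy, f: Flow) -> bool:
    """All criteria must match; a policy that lacks the flow's service is skipped."""
    ports = p.ports()
    return (p.src_intf == f.src_intf and p.dst_intf == f.dst_intf
            and _addr_ok(p.src_addr, f.src_addr)
            and _addr_ok(p.dst_addr, f.dst_addr)
            and (ports is None or f.dst_port in ports))


def evaluate(policies: List[Policy], flow: Flow) -> Tuple[str, str]:
    """First-match evaluation top to bottom, ending in the implicit deny."""
    for p in policies:
        if policy_matches(p, flow):
            return p.name, p.action
    return "implicit-deny", "deny"


def _covers(earlier: Policy, later: Policy) -> bool:
    """True if every flow that could match `later` already matches `earlier`."""
    if earlier.src_intf != later.src_intf or earlier.dst_intf != later.dst_intf:
        return False
    if not _addr_ok(earlier.src_addr, later.src_addr):
        return False
    if not _addr_ok(earlier.dst_addr, later.dst_addr):
        return False
    ep, lp = earlier.ports(), later.ports()
    if ep is None:
        return True
    return lp is not None and lp <= ep


def shadowed_policies(policies: List[Policy]) -> List[str]:
    """Names of policies that can never match because an earlier one covers them."""
    return [later.name for i, later in enumerate(policies)
            if any(_covers(earlier, later) for earlier in policies[:i])]


# Constructed policies mirroring the thread's scenario.
LAN_WEB = Policy("lan-web", "internal", "all", "wan1", "all",
                 frozenset({"HTTP", "HTTPS", "DNS"}))
LAN_FTP = Policy("lan-ftp-server", "internal", "all", "wan1", "ftp-server",
                 frozenset({"FTP"}))
LAN_ANY = Policy("lan-any", "internal", "all", "wan1", "all", frozenset({"ALL"}))

# Constructed flows: FTP control connection on port 21, and on a non-standard port.
FTP_21 = Flow("internal", "lan-host", "wan1", "ftp-server", 21)
FTP_2121 = Flow("internal", "lan-host", "wan1", "ftp-server", 2121)


def demo() -> dict:
    return {
        # ede_pfau: FTP falls through the web policy and hits the FTP policy.
        "ftp_below_web": evaluate([LAN_WEB, LAN_FTP], FTP_21),
        # Eleguardini: an "ALL" policy above consumes the FTP traffic.
        "ftp_below_any": evaluate([LAN_ANY, LAN_FTP], FTP_21),
        "shadowed_by_any": shadowed_policies([LAN_ANY, LAN_FTP]),
        "shadowed_by_web": shadowed_policies([LAN_WEB, LAN_FTP]),
        # Filip011: a server on a non-standard port does not match service FTP.
        "nonstandard_port": evaluate([LAN_WEB, LAN_FTP], FTP_2121),
        # The original symptom: no FTP service anywhere in the policy list.
        "web_only": evaluate([LAN_WEB], FTP_21),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Running `shadowed_policies` over a policy list is the check worth keeping: a policy that is fully covered by an earlier one is either redundant or in the wrong place, and the FTP policy placed beneath an "all services" policy is exactly that case.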