Contributor
April 12, 2007
Question

FTPS

  • April 12, 2007
  • 5 replies
  • 10926 views
I am setting up an FTP over SSL server for my company. I have everything set up and working internally. I have created profiles and the firewall policy for accessing the site externally but cannot get it working. If I turn off the SSL settings on my FTP server I can connect with no issues. I am wondering if there is a port # that I have forgotten to forward or some odd setting in my 300A I am not aware of.

Other info: I use SSL for my Exchange server with no issues.

  • SSL/TLS port: 990
  • passive port: 60100-60200
  • ftp port: 21 (will change this once I get it working)

    5 replies

    doshbass
    New Member
    April 13, 2007
    I don't have an answer here, but I would do a network trace without the FG to see what ports are being used, just in case.
    Contributor
    April 13, 2007
    Using CurrPorts (http://www.nirsoft.net/utils/cports.html) I can see that the server is using ports:

      • 21
      • 990
      • 14147 (admin interface)
      • 1086 (server interface)

    I have a remote FTP over SSL connection working to my home PC and it is using ports:

      • 4806-4809 (these map to remote port 1977 (my ftp port 21) and also seem to increment on remote server refreshes)
      • 4902 (this maps to my passive ports 601xx; one of these is created for each transfer in effect)

    I'm wondering where these 49xx ports are coming from and if I have to define them as well.
    doshbass
    New Member
    April 13, 2007
    This doc may help www.studentclearinghouse.org/ftps/pdfs/SecureFTP_FirewallGuide.pdf
    red_adair
    New Member
    April 13, 2007
    hhhmm - not sure if this really can work... FortiOS runs several so-called session-helpers that parse different protocols that negotiate dynamic channels - like active FTP would do, for example. Where you have your control channel and your data channel, the data channel traffic (coming back) must be "opened" temporarily. Same for many other protocols (you may check for session-helper in the docs).

    For FTPS the communication is encrypted - hence a parser cannot determine on what port the protocols are negotiating. Is there something like "passive FTPS" in case? Otherwise you may statically open the incoming data ports - which may be an issue in terms of security.

    Most obviously we may not mix up SFTP and FTPS ;) I never used FTPS before - just zapping through the RFC ;) http://tools.ietf.org/html/rfc4217 Section 7 may be of interest.

    -R.
    Contributor
    April 13, 2007
    Just so we are clear, I am looking for FTPS, not SFTP. I have ports (or so I believe) 21, 990 TCP/UDP open and forwarding to my server. Am I missing something?
    Contributor
    April 20, 2007
    Hi, you must forward 60100-60200, too. As red_adair explained, the FG cannot know that your FTP server told the client to connect to, say, port 60101 because the session-helper does not see the server's response. I'd probably use a static mapping (full IP forward) for an FTP server. Also make sure to use passive FTP on the client side. Otherwise you'll have to allow IIRC 989 -> Any outbound. Regards
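To make the point in red_adair's and the last reply concrete, here is an added Python illustration (not code from this thread or from Fortinet) of what an FTP session helper actually does with the control channel. The function and constant names (`parse_pasv_reply`, `helper_can_open_data_port`, `required_static_forwards`, `PLAIN_CONTROL`, `FTPS_CONTROL`) are this example's own, and both control-channel captures are constructed by hand: the plain one carries a readable `227` PASV reply, the FTPS one carries opaque filler bytes standing in for the TLS records that follow `AUTH TLS`. The helper can extract the data port from the first and pinhole it; it sees nothing usable in the second, which is why the whole passive range 60100-60200 has to be forwarded statically.

```python
"""Added illustration: why a firewall's FTP session helper can read a plain
FTP PASV reply but not an FTPS one, and which ports must then be forwarded
statically. All sample bytes below are constructed for this example."""
import re

# Plain-FTP reply format (RFC 959): 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
# The data port the client must connect to is p1 * 256 + p2.
PASV_REPLY = re.compile(
    rb"227 [^\r\n]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

# Constructed plaintext control-channel capture, as a session helper would see it.
PLAIN_CONTROL = (
    b"220 FTP server ready\r\n"
    b"USER alice\r\n331 Password required\r\n"
    b"PASS ********\r\n230 Logged in\r\n"
    b"PASV\r\n227 Entering Passive Mode (192,0,2,10,234,197)\r\n"
)

# Constructed FTPS capture: after AUTH TLS the rest of the control channel is
# TLS records. The payload here is deliberately opaque filler standing in for
# ciphertext; the helper has no way to find a PASV reply inside it.
FTPS_CONTROL = (
    b"220 FTP server ready\r\n"
    b"AUTH TLS\r\n234 Proceed with negotiation\r\n"
    + bytes.fromhex("1603030028") + b"\x9f" * 40
)


def parse_pasv_reply(control_bytes):
    """Return (host, port) from a 227 reply, or None when none is readable."""
    m = PASV_REPLY.search(control_bytes)
    if m is None:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None  # malformed reply; a careful helper ignores it
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def helper_can_open_data_port(control_bytes, passive_range):
    """Simulate the session helper: it can only pinhole a data port it has
    read off the control channel, and this check also confirms that the port
    lies inside the server's configured passive range."""
    parsed = parse_pasv_reply(control_bytes)
    if parsed is None:
        return False
    lo, hi = passive_range
    return lo <= parsed[1] <= hi


def required_static_forwards(control_port, implicit_tls_port, passive_range):
    """TCP ranges to forward to the server when the helper is blind (FTPS),
    as (first_port, last_port, reason) tuples."""
    lo, hi = passive_range
    return [
        (control_port, control_port, "explicit FTPS control channel (AUTH TLS)"),
        (implicit_tls_port, implicit_tls_port, "implicit FTPS control channel"),
        (lo, hi, "passive data channels; helper cannot read the encrypted PASV reply"),
    ]


if __name__ == "__main__":
    print("plain FTP PASV reply ->", parse_pasv_reply(PLAIN_CONTROL))
    print("FTPS PASV reply      ->", parse_pasv_reply(FTPS_CONTROL))
    for lo, hi, why in required_static_forwards(21, 990, (60100, 60200)):
        print(f"forward TCP {lo}-{hi}: {why}")
```

Running it with the thread's values lists TCP 21, 990 and 60100-60200 as the inbound forwards; the 48xx/49xx ports CurrPorts showed on the client side are the client's ephemeral source ports, chosen by the client OS per connection, and are not something the server-side firewall forwards. The range check in `helper_can_open_data_port` is also a quick way to confirm that the server really advertises ports inside the range you forwarded and not, say, a default range left over in its configuration.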