Baboda
New Member
July 17, 2017
Question

Passive ftp Fortigate 5.2.11


Hello,

I have some issues with FTP after entering passive mode.

PASV
227 Entering Passive Mode (5,149,39,69,250,174).
LIST
Connect socket #1760 to 5.149.39.69, port 64174.
timeout

Below is my FTP session helper conf in global, but it seems not to be enough. In fact, after connecting on tcp/21 and then entering passive mode, I get denied connections on tcp/64xxx ports.

edit 9
    set name ftp
    set protocol 6
    set port 21
next

How can I enable passive FTP?

    1 reply

    jhouvenaghel_FTNT
    Staff
    July 18, 2017

    Hello,

    The session helper as shown in your last message should be enough to process and open pinholes for active or passive FTP. You don't need to do anything else.

    Can you sniff on both sides (FTP client and server) when the data session is opening, to see if the problem does not come from the client/server?

    Baboda
    Author
    New Member
    July 18, 2017

    Hello, can you show me the command lines to use to sniff traffic?

    jhouvenaghel_FTNT
    Staff
    July 18, 2017

    You can sniff on the client and server themselves.

    If there is no NAT on the FGT, you can also sniff on the FGT with:

        diag sniffer packet any 'host <clientIPaddress> and host <serverIPaddress>' 6 0 a

    and convert the trace to Wireshark format.

    Please note that the data session can be accelerated if you have NPs in your FGT, so you may only see the first packets of this session.
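
When reading the capture suggested above, the 227 reply on the control connection tells you which data endpoint the session helper has to open a pinhole for. The following is an added example, not part of the original thread: it decodes a 227 reply and flags server-side causes of a data-connection timeout. `parse_pasv` and `diagnose` are hypothetical helper names, and the control connection is assumed to have gone to 5.149.39.69.

```python
import ipaddress
import re

# Six decimal fields of a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (ip, port) advertised by a 227 reply; raise ValueError otherwise."""
    m = PASV_RE.search(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def diagnose(reply, control_peer_ip):
    """Compare the advertised data endpoint with the control-connection peer."""
    ip, port = parse_pasv(reply)
    addr = ipaddress.IPv4Address(ip)
    findings = []
    if addr != ipaddress.IPv4Address(control_peer_ip):
        findings.append(
            "data address %s differs from control peer %s" % (ip, control_peer_ip)
        )
    if addr.is_private:
        findings.append("data address %s is a private address" % ip)
    if port == 0:
        findings.append("data port 0 is invalid")
    return {"ip": ip, "port": port, "findings": findings}


if __name__ == "__main__":
    # Reply copied from the question; control peer address is an assumption.
    print(diagnose("227 Entering Passive Mode (5,149,39,69,250,174).", "5.149.39.69"))
    # Constructed reply: a server advertising an internal address.
    print(diagnose("227 Entering Passive Mode (192,168,1,10,250,174).", "5.149.39.69"))
```

An empty `findings` list for the reply in the question means the advertised endpoint is consistent with the control connection, so the capture should then show whether the client's SYN to port 64174 reaches the server.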