Trying to get FTP client to connect to outside FTP server

Question

Why is this so hard? I have a 60e 6.4.8

FileZilla keeps coming back with Port command tainted by router or firewall.

Machine is in a firewall rule that allows ALL.

Deep packet inspection on all ports. Also tried it with no packet inspection and no security profiles at all, just for giggles.

I was reading online about a service FTPoverTLS. I don't even have that service. But again, ALL is allowed.

I'd hate to open a ticket on this, it seems like it should be easy enough.

Any help would be appreciated.

aii-mto · Accepted Answer

Well I found an idea on my own which seems to have solved my problem.  The solution was to disable (or delete) the FTP session helper.  Once that's gone, the client works just like it's supposed to.

AlexC-FTNT · Answer

You probably know that FTP uses two ports, one for the control session and one for the data.

Traditionally, ports 20 and 21; and for this, the FG has a session helper - make sure it still exists (show system session-helper).

FTP over TLS uses other ports (not fixed), and is not a setting in Fortigate, but on the FTP client. The service you see in this article is custom-made

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-a-policy-to-allow-FTP-over-TLS/ta-p/192140

First make sure what kind of FTP session is used by your FTP client/server apps.
Deep packet inspection is needed for FTP over TLS. But if you tested without it, did you also check with policy in flow-mode?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded