kpanchal
Staff
Article Id 358413
Description

 

This article describes a possible error that may occur when accessing an FTP server over TLS.

When an Antivirus profile is used and deep-inspection is enabled, the following error is displayed in the FTP program: '502 Command REST not allowed by policy'.

 

Scope

 

FortiGate.

 

Solution

 

The FTP server is published to the WAN network through a VIP.

The firewall policy includes the following:

  • SSL deep inspection.
  • Antivirus.
  • FTP service allowed (port 21).
  • Proxy-based policy.

 

The FTP connection succeeds, but the FTP command used to resume a file download after pausing it (REST) is rejected.

 

To resolve this issue, configure the protocol options as follows, while keeping the Antivirus profile and deep inspection (DPI) unchanged:

 

config firewall profile-protocol-options
    edit <name>
        config ftp
            set ports 21
            set options bypass-rest-command
        end
    next
end


After doing this, if the issue persists, open a ticket with Fortinet support.
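
To confirm whether the change took effect, the REST command can be sent over an FTPS session through the policy and the reply classified. The following is an added example, not part of the original article or Fortinet tooling; the function name `check_rest` and the command-line host and credentials are assumptions.

```python
import ftplib
import sys


def check_rest(ftp, offset=1):
    """Send REST on a logged-in ftplib session and classify the reply.

    Returns 'allowed', 'blocked-by-policy' or 'rejected'.
    """
    ftp.voidcmd("TYPE I")  # restart offsets are byte offsets, so use binary mode
    try:
        reply = ftp.sendcmd(f"REST {offset}")
    except ftplib.error_perm as exc:  # ftplib raises this for any 5xx reply
        text = str(exc)
        if text.startswith("502") and "not allowed by policy" in text:
            return "blocked-by-policy"  # the reply quoted in this article
        return "rejected"  # some other 5xx, e.g. the server itself refuses REST
    if reply.startswith("350"):
        ftp.sendcmd("REST 0")  # clear the restart marker before the session is reused
        return "allowed"
    return "rejected"


if __name__ == "__main__":
    # Usage (placeholders): python check_rest.py <host> <user> <password>
    host, user, password = sys.argv[1:4]
    session = ftplib.FTP_TLS(host, timeout=15)  # explicit FTPS on port 21
    session.login(user, password)               # negotiates TLS before sending credentials
    session.prot_p()                            # protect the data channel as well
    print(check_rest(session))
    session.quit()
```

A result of `blocked-by-policy` after the change indicates the traffic is not matching the policy that uses the edited protocol options profile.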