FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rbarnes
Staff
Staff
Article Id 359470
Description

This article describes the case when:

  • FortiGate is configured in Azure.
  • Passive FTP traffic failing to get directory listing.
  • Passive FTP failing to transfer files.
Scope FortiGate Azure VM.
Solution

VIP is already configured for the server with all ports open.

 

passivftpvipb.png

 

Packet capture example for the problem:

 

passivftppcapbcg.png

 

The solution to this is to delete the FTP session helper.

First, find the FTP session helper:

 

config system session-helper

show 

 

Note: Look for FTP port 21(by default it is 'edit 9').

 

Snippet:

 

    next

    edit 8

        set name rtsp

        set protocol 6

        set port 8554

    next

    edit 9

        set name ftp

        set protocol 6

        set port 21

    next

    edit 10

        set name mms

        set protocol 6

        set port 1863

    next

end

 

config system session-helper

show

delete 9

end

 

Then try the FTP connection.