FOS 7.4.3
I have a client trying to use passive mode for FTP. This mode uses many ports, not just port 20/21.
Is there a Service on the Fortinet that allows FTP ALG? Currently we have this open to any ports.
TIA :)
Hello @martyyy ,
If I understand correctly, you want to use FTP helper for different TCP ports instead of 20/21.
If you say yes, you can follow this document for your request.
Hello martyyy
As under passive mode the FTP server just listens passively, you only need to configure your FTP server properly in order to work in passive mode. (*)
Your FTP client is configured in passive mode: the client starts all connections, the server passively listens.
Under FGT you have the usual VIP config on port 20/21.
obs:
- we're NOT talking here about FTP over TLS or another scenario.
- (*) for example, if you use a widely used FTP server such as VSFTPD, these 3 lines in the server config will take care of passive traffic for data transfer after fork
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
regards
/ Abel
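An added example (not from any poster in this thread and not Fortinet code): a Python check that parses the server's `227` passive-mode reply and flags the two conditions that usually break passive FTP behind a VIP, a data port outside the range the firewall permits and an advertised address the client cannot reach. The 40000-50000 range, the addresses and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed passive data-port range (pasv_min_port / pasv_max_port on the server).
PASV_MIN, PASV_MAX = 40000, 50000
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]   # data port = p1*256 + p2

def check_pasv(reply, control_ip, lo=PASV_MIN, hi=PASV_MAX):
    """List problems that would stop the data connection through a NAT firewall."""
    ip, port = parse_pasv(reply)
    ctrl = ipaddress.IPv4Address(control_ip)
    problems = []
    if not lo <= port <= hi:
        problems.append("port %d outside permitted range %d-%d" % (port, lo, hi))
    if ip != ctrl:
        problems.append("advertised %s differs from control address %s" % (ip, ctrl))
    if any(ip in n for n in RFC1918) and not any(ctrl in n for n in RFC1918):
        problems.append("inside address %s sent to outside client (reply not rewritten)" % ip)
    return problems

# Constructed sample replies using documentation addresses, not captured traffic.
SAMPLES = [
    ("227 Entering Passive Mode (203,0,113,10,175,200)", "203.0.113.10"),  # port 45000
    ("227 Entering Passive Mode (192,168,1,20,175,200)", "203.0.113.10"),  # inside IP leaked
    ("227 Entering Passive Mode (203,0,113,10,234,96)", "203.0.113.10"),   # port 60000
]

if __name__ == "__main__":
    for reply, ctrl in SAMPLES:
        print(reply, "->", check_pasv(reply, ctrl) or "OK")
```

The `control_ip` argument is the address the client used for the port 21 connection, which for a VIP is the external address.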
Actually there is a reason behind no option being provided for disabling ALG for the FTP protocol. From the perspective of AppID, FTP cannot work without ALG for both active & passive modes.
Copyright 2024 Fortinet, Inc. All Rights Reserved.