I am new to the FrotiGate world and am hoping I can get a confirmation that I have set up my FTP setting correctly. My FTP is set for the default port of 21 and passive ports 11000-13000. I am trying to setup a Cerberus FTP server and this is their recommendation. Here is my firewall configuration:
Here is what I see on my Cerberus server:
Im using FileZilla to connect and here is what the client sees:
Thanks for any assistance.
Hi and welcome to the forums,
since you have hidden the >FileZilla< "entering passive mode" command/ip I assume it is not (?) 10.160.1.23 like shown on the server side but ... ENETUNREACH might indicate that the client is unable to reach the target network at all (i.e. because it's a private network behind the Fortigate, where your server resides). The most useful information is not shown...unfortunately.
Now...it is also a TLS encrypted connection and the firewall does probably not translate the PASV command IP for you (it might not 'see' the PASV command at all). Also, the PASV port differs by one on the client/server side - are both screenshots from the same session?
I haven't tested the Fortigate ssl/ssh profile options with FTPS servers yet, but alternatively the Cerberus server should/might provide an option to set the 'external' passive mode command IP manually or detect it correctly, if it does not currently (https://www.cerberusftp.com/support/faq/initialsetup.htm) ->see 'Detect WAN IP at Startup'.
It looks a bit weird that on the server side log the client connection appears to come from the same network (10.160.1.92) - so you might (un)intentionally be masking the client IPs as well?
Your firewall policy and VIP definitions might help in understanding what you have set up on the 4TG8 ...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.