DanieleS99
Contributor

FTP control on ports >1024

Hi,

I'm searching for a way to open the ports >1024 for a set of servers only for FTP traffic.

Is there a way to accomplish this with the firewall policy? For example, so that it understands that the traffic being passed is related to FTP although it is on ports other than 21 (this is the default behavior of passive FTP).

Thanks

3 REPLIES
abarushka
Staff

Hello,

Firewall policy lookup relies on the FTP session helper. You may consider changing the FTP session helper port. Please find the details by following the link below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-access-FTP-server-externally-on-dif...
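
How a session helper of this kind can tie passive-mode data connections on high ports back to the FTP control channel, as an added example that is not part of the original thread and not FortiGate's implementation. The `FtpHelper` class, its methods and the 192.0.2.x addresses are constructed for illustration:

```python
import re

# 227 reply (RFC 959): "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply (RFC 2428): "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, server_ip):
    """Return the (ip, port) a passive-mode reply announces, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet
        ip = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
        return (ip, port) if port else None
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        # EPSV carries no address: the data channel goes to the
        # same server IP as the control channel.
        return (server_ip, port) if 0 < port <= 65535 else None
    return None


class FtpHelper:
    """Hypothetical helper: learns data ports from control-channel replies."""

    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.expected = set()  # announced (ip, port) pairs not yet used

    def on_control_reply(self, line):
        ep = data_endpoint(line.strip(), self.server_ip)
        if ep:
            self.expected.add(ep)
        return ep

    def allow_data(self, dst_ip, dst_port):
        # One-shot pinhole: only a port announced on the control
        # channel is accepted, and only once.
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))
            return True
        return False
```

Only the control port needs a static policy in this model; a data connection to a high port is accepted only if the server announced that port on the control channel first.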

vbandha
Staff

Hi @DanieleS99

If you want to open a port for a set of servers, you can make a separate firewall policy for them and define the ports under service.
You can create a service object under Policy & Objects --> Services and then add this to the firewall policy.

Regards,

KumarV
Staff

Hi @DanieleS99

Adding on to the firewall policy. Please make sure you are not enabling the Antivirus security profile as it can drop the FTP traffic.

Thank you

Verender
