Hi, I want to allow FTP clients in my LAN to connect to FTP servers outside over TLS. The server is listening on port 21, but after the initial communication client and server must communicate on a high port, and it seems the Fortigate doesn't open those ports. If I allow all the outbound ports the transfer works.

I have tried with this guide with no luck: https://kb.fortinet.com/kb/documentLink.do?externalID=FD52155

I think I am not doing well configuring the deep inspection.

Any help?

Thank you
Explicit FTPS is hence only supported with a combination of proxy-based inspection, IPS and deep inspection.
# config firewall policy
    edit 3
        set name "FTP"
        set uuid fdb707ba-cfa3-51eb-1be1-c632b14d101c
        set srcintf "port3"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "FTP"
        set action accept
        set schedule "always"
        set service "FTP" "FTP_GET" "FTP_PUT"
        set utm-status enable
        set inspection-mode proxy          <-----
        set ssl-ssh-profile "FTP-scan"     <-----
        set ips-sensor "default"           <-----
        set logtraffic all
    next
end
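Why the high port is not opened without deep inspection, as an added example that is not part of the original thread and not Fortinet code: a device that only watches the control channel learns the data port from the server's 227/229 reply, and after AUTH TLS that reply is inside a TLS record. The function names, the 203.0.113.10 address and the byte strings are constructed for illustration.

```python
import re

# Reply formats a control-channel helper has to read to learn the data port.
PASV_RE = re.compile(rb"^227 [^\r\n]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)", re.M)  # RFC 959
EPSV_RE = re.compile(rb"^229 [^\r\n]*\(\|\|\|(\d{1,5})\|\)", re.M)  # RFC 2428

def is_tls_record(data):
    """True if the payload starts with a TLS record header (type, 0x03, minor)."""
    return len(data) >= 5 and data[0] in (0x14, 0x15, 0x16, 0x17) and data[1] == 0x03

def data_endpoint(reply, server_ip):
    """Return (ip, port) announced by a server reply, or None if unreadable."""
    if is_tls_record(reply):
        return None  # ciphertext: the port is inside the encrypted record
    m = PASV_RE.search(reply)
    if m:
        n = [int(g) for g in m.groups()]
        if max(n) <= 255:
            return ".".join(str(o) for o in n[:4]), n[4] * 256 + n[5]
        return None
    m = EPSV_RE.search(reply)
    if m and 0 < int(m.group(1)) <= 65535:
        return server_ip, int(m.group(1))  # EPSV reuses the control-channel address
    return None

def pinholes(server_replies, server_ip):
    """Data-channel endpoints a passive observer can derive from the replies."""
    found = (data_endpoint(r, server_ip) for r in server_replies)
    return [ep for ep in found if ep is not None]

SERVER = "203.0.113.10"  # constructed documentation address
# Constructed server-to-client payloads of a plain FTP session.
PLAIN_FTP = [
    b"220 ready\r\n",
    b"227 Entering Passive Mode (203,0,113,10,195,80).\r\n",
]
# Constructed payloads of an explicit FTPS session: clear text until AUTH TLS.
EXPLICIT_FTPS = [
    b"220 ready\r\n",
    b"234 AUTH TLS OK\r\n",
    b"\x16\x03\x03\x00\x04\x02\x00\x00\x00",                   # handshake record (truncated)
    b"\x17\x03\x03\x00\x08\x8a\x1f\x55\xc3\x90\x02\x7e\x41",  # encrypted 227 reply
]

if __name__ == "__main__":
    print("plain FTP    :", pinholes(PLAIN_FTP, SERVER))
    print("explicit FTPS:", pinholes(EXPLICIT_FTPS, SERVER))
```

The empty result for the FTPS session is the situation in the question: nothing in the observable traffic names the data port, so either the control channel is decrypted by deep inspection or the server's passive port range has to be allowed explicitly.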