Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

Securing FTPS server

Hi, I have a FTPS server configured inside my network and accessible via public Internet. The firewall policy has port 990 for establishing the connection and all ports above 1024 are allowed since random ports will be used for data transfer. How can I secure my FTPS server using the IPS feature enabled on the firewall policy. Appreciate if you can provide a sample configuration.



Hi Anand, Hmm, I' m not following why you opened up ports above 1024, unless you mean outbound traffic. The handshake from outside is initiated ONLY via 990. The reply and data transfer, while technically above 1024, is initiated from the FTP server, so the traffic ' inbound' at that point is reply traffic. As for protecting it, I just use the built-in ' protect FTP server' policy.

Hi, you dont need to restrict source port, just have the nat rule with destination ports (high if you want to be obscure), need to make sure you configure the extra port for ftp / ftps scanning so the inbound inspection will look at it
Infosec Partners

FortiGate has to have certificate to do full inspection and you should import it into FortiGate otherwise no equipment can detect full inspection for traffics like this.