Why is this so hard? I have a 60e 6.4.8
FileZilla keeps coming back with Port command tainted by router or firewall.
Machine is in a firewall rule that allows ALL.
Deep packet inspection on all ports. Also tried it with no packet inspection and no security profiles at all, just for giggles.
I was reading online about a service FTPoverTLS. I don't even have that service. But again, ALL is allowed.
I'd hate to open a ticket on this, it seems like it should be easy enough.
Any help would be appreciated.
Solved! Go to Solution.
Well I found an idea on my own which seems to have solved my problem. The solution was to disable (or delete) the FTP session helper. Once that's gone, the client works just like it's supposed to.
You probably know that FTP uses two ports, one for the control session and one for the data.
Traditionally, ports 20 and 21; and for this, the FG has a session helper - make sure it still exists (show system session-helper).
FTP over TLS uses other ports (not fixed), and is not a setting in Fortigate, but on the FTP client. The service you see in this article is custom-made
First make sure what kind of FTP session is used by your FTP client/server apps.
Deep packet inspection is needed for FTP over TLS. But if you tested without it, did you also check with policy in flow-mode?
The FTP session helper seems to be what was causing my problem. I removed it and now it's working.
Well I found an idea on my own which seems to have solved my problem. The solution was to disable (or delete) the FTP session helper. Once that's gone, the client works just like it's supposed to.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1747 | |
1114 | |
760 | |
447 | |
241 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.