Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aii-mto
New Contributor II

Created on ‎01-13-2022 05:27 PM

Trying to get FTP client to connect to outside FTP server

Why is this so hard? I have a 60e 6.4.8

 

FileZilla keeps coming back with Port command tainted by router or firewall.

Machine is in a firewall rule that allows ALL.

Deep packet inspection on all ports. Also tried it with no packet inspection and no security profiles at all, just for giggles.

I was reading online about a service FTPoverTLS. I don't even have that service. But again, ALL is allowed.

I'd hate to open a ticket on this, it seems like it should be easy enough.

Any help would be appreciated.

Labels:
4817
0 Kudos
1 Solution
aii-mto
New Contributor II

Created on ‎01-14-2022 02:07 PM

Well I found an idea on my own which seems to have solved my problem.  The solution was to disable (or delete) the FTP session helper.  Once that's gone, the client works just like it's supposed to. 

View solution in original post

4794
3 REPLIES 3
AlexC-FTNT
Staff
Staff

Created on ‎01-14-2022 12:33 AM

You probably know that FTP uses two ports, one for the control session and one for the data.

Traditionally, ports 20 and 21; and for this, the FG has a session helper - make sure it still exists (show system session-helper).

FTP over TLS uses other ports (not fixed), and is not a setting in Fortigate, but on the FTP client. The service you see in this article is custom-made

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-a-policy-to-allow-FTP-over-TLS/...


First make sure what kind of FTP session is used by your FTP client/server apps.
Deep packet inspection is needed for FTP over TLS. But if you tested without it, did you also check with policy in flow-mode?


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
4750
0 Kudos
aii-mto
New Contributor II
In response to AlexC-FTNT

Created on ‎01-14-2022 02:08 PM

The FTP session helper seems to be what was causing my problem.  I removed it and now it's working. 

4741
0 Kudos
aii-mto
New Contributor II

Created on ‎01-14-2022 02:07 PM

Well I found an idea on my own which seems to have solved my problem.  The solution was to disable (or delete) the FTP session helper.  Once that's gone, the client works just like it's supposed to. 

4795
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.