aii-mto
New Contributor II

Trying to get FTP client to connect to outside FTP server

Why is this so hard? I have a 60e 6.4.8

 

FileZilla keeps coming back with Port command tainted by router or firewall.

Machine is in a firewall rule that allows ALL.

Deep packet inspection on all ports. Also tried it with no packet inspection and no security profiles at all, just for giggles.

I was reading online about a service FTPoverTLS. I don't even have that service. But again, ALL is allowed.

I'd hate to open a ticket on this, it seems like it should be easy enough.

Any help would be appreciated.

1 Solution
aii-mto
New Contributor II

Well I found an idea on my own which seems to have solved my problem.  The solution was to disable (or delete) the FTP session helper.  Once that's gone, the client works just like it's supposed to. 


3 REPLIES
AlexC-FTNT
Staff

You probably know that FTP uses two ports, one for the control session and one for the data.

Traditionally, ports 20 and 21; and for this, the FG has a session helper - make sure it still exists (show system session-helper).

FTP over TLS uses other ports (not fixed), and is not a setting in FortiGate, but on the FTP client. The service you see in this article is custom-made:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-set-a-policy-to-allow-FTP-over-TLS/...


First make sure what kind of FTP session is used by your FTP client/server apps.
Deep packet inspection is needed for FTP over TLS. But if you tested without it, did you also check with policy in flow-mode?


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
aii-mto
New Contributor II

The FTP session helper seems to be what was causing my problem.  I removed it and now it's working. 
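An added example, not part of the thread: in active mode the client's PORT command carries its address and data port as six comma-separated bytes (RFC 959), and that is the line an FTP helper on a NAT device may rewrite in transit. The sketch below compares the PORT line as sent by the client with the line as received at the server, for instance taken from packet captures on each side of the firewall; the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal bytes).
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})$", re.IGNORECASE)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port(line):
    """Return (IPv4Address, tcp_port) advertised by a PORT command line."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a PORT command: {line!r}")
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError(f"byte out of range in: {line!r}")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The data port is the last two bytes, high byte first.
    return ip, nums[4] * 256 + nums[5]


def compare_port(sent, received):
    """List the differences between the PORT line the client sent and the
    one the server received; an empty list means it arrived unmodified."""
    s_ip, s_port = parse_port(sent)
    r_ip, r_port = parse_port(received)
    findings = []
    if s_ip != r_ip:
        findings.append(f"address rewritten: {s_ip} -> {r_ip}")
    if s_port != r_port:
        findings.append(f"port rewritten: {s_port} -> {r_port}")
    # An untouched private address cannot be reached by an outside server.
    if not findings and any(s_ip in net for net in RFC1918):
        findings.append(f"unmodified but advertises private address {s_ip}")
    return findings


if __name__ == "__main__":
    # Constructed sample lines, e.g. read from captures on each side.
    sent = "PORT 192,168,1,50,195,80"
    received = "PORT 203,0,113,10,234,96"
    for finding in compare_port(sent, received):
        print(finding)
```

With FTP over TLS the control channel is encrypted, so the PORT line can only be read at the endpoints or with decrypted captures.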
