Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 3110 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Filezilla client configuration to work with firewall

drex dobson

First, great software.  Not an expert at this but trying to do the following: simply access an FTP site using Filezilla as a client behind SophosFW.

I've tried everything I can find.  Personally, the search is wonderful but includes results that neither apply nor are too old.

It would be helpful if a definitive solution would be posted and marked for a particular product (Sophos FW, how to configure FTP client behind firewall).

Ok so here goes:

2022-03-06 04:52:57Firewallmessageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" nat_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="external FTP server" src_country="USA" dst_ip="MYIP" dst_country="USA" protocol="TCP" src_port="45993" dst_port="53911" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Could not associate packet to any connection." appresolvedby="Signature" app_is_cloud="0"

It appears the FTP site uses 40000-54000 for  ports

Active nor passive connection works

FTP log:
Status: Connecting to FTPSITE.net...
Response: fzSftp started, protocol_version=11
Command: open "USER@FTPSITE" 22
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
Status: Waiting to retry...
Status: Connecting to FTPSITE site...
Response: fzSftp started, protocol_version=11
Command: open "USER@FTPSITE" 22
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server

I have :

set advanced-firewall ftpbounce-prevention data 

Does not work

Added:

FIREWALLSERVICES

TCP 1:65k  21

"         "        22

"         "        990

"         "        40000:54000

"          "        20

With the following rule:

DNAT

SOURCE WAN      SOURCENETWORKS: ANY

DESTINATION: LAN

DESTINATION NETWORK: MY COMPUTER IP

SERVICES:  FIREWALLSERVICES

Didn't see anyting for reflexive rule

Also in Fizezilla, set ports from 40K:54K

It just doesn't work.  After 3 hours of this, its time to ask.

Please advise.

Yes, I read the RULEZ.  

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Port 22 is for SSH. You should add tcp port 20 for FTP data channel.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0

    Port 22 is for SSH. You should add tcp port 20 for FTP data channel.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?