Filezilla client configuration to work with firewall

First, great software.  Not an expert at this but trying to do the following: simply access an FTP site using Filezilla as a client behind SophosFW.

I've tried everything I can find.  Personally, the search is wonderful but includes results that neither apply nor are too old.

It would be helpful if a definitive solution would be posted and marked for a particular product (Sophos FW, how to configure FTP client behind firewall).

Ok so here goes:

2022-03-06 04:52:57 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" nat_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="external FTP server" src_country="USA" dst_ip="MYIP" dst_country="USA" protocol="TCP" src_port="45993" dst_port="53911" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Could not associate packet to any connection." appresolvedby="Signature" app_is_cloud="0"

It appears the FTP site uses 40000-54000 for ports

Neither active nor passive connection works

FTP log:
Status: Connecting to FTPSITE.net...
Response: fzSftp started, protocol_version=11
Command: open "USER@FTPSITE" 22
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
Status: Waiting to retry...
Status: Connecting to FTPSITE site...
Response: fzSftp started, protocol_version=11
Command: open "USER@FTPSITE" 22
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server

I have:

set advanced-firewall ftpbounce-prevention data 

Does not work

Added:

FIREWALLSERVICES

TCP 1:65k 21

TCP 1:65k 22

TCP 1:65k 990

TCP 1:65k 40000:54000

TCP 1:65k 20

With the following rule:

DNAT

SOURCE: WAN      SOURCE NETWORKS: ANY

DESTINATION: LAN

DESTINATION NETWORK: MY COMPUTER IP

SERVICES:  FIREWALLSERVICES

Didn't see anything for reflexive rule

Also in Filezilla, set ports from 40K:54K

It just doesn't work.  After 3 hours of this, it's time to ask.

Please advise.

Yes, I read the RULEZ.

Thanks

  • yeah that's great and all, but as a HOME USER who is trying to use the firewall for HOME PROTECTION, this is where the product fails.  Some of us are not IT gurus, but pretty good at this, and when the documentation nomenclature doesn't match the product, it's a fail-fail situation all around.

    Thanks for replying.

    #1  I figured out by just plain guess that a Business Rule is actually a DNAT setting.  #1 the articles are old, refer to deprecated names and product versions.  It would be nice to have a how to video or at least some current documentation that really helps; this read the articles I have read several times, and changing settings to guess the answer, and actually getting it right without allowing firewall traffic in that shouldn't come in, isn't best practice.

    #2, so is the issue that I am pointing to the internal computer, rather than the WAN?

    Are you saying my rule should be WAN to WAN?

    Thanks in advance for any clarification you can provide.
