This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTP between hosts on VPN TUNNEL not working

Kirsten Mellein over 2 years ago

Hello,

we have a vpn tunnel between customer and service provider. The ftp traffic don't pass the firewall.

The firewall rule looks like:

It's passive ftp. In the tcpdump i can see the ftp error 550.

Any ideas?

Best regards

This thread was automatically locked due to age.

Parents

0 Vivek Jagad over 2 years ago

Hello Kirsten Mellein,

Thank you for reaching out to the community, can you please create a two separate FW rules i.e. traffic from LAN to VPN and VPN to LAN [in vpn to lan create a LINKED NAT with MASQ enabled] And see if that helps.

Based on the error 550 - It is a permanent negative response, which means the client is discouraged from sending the command again since the server will respond with the same response code.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Kirsten Mellein over 2 years ago in reply to Vivek Jagad

Hello,

thanks for your answer.

The dataflow ist rz -S2SVPN> customer -S2SVPN> service provider

and

service provider -S2SVPN> customer -S2SVPN> rz

So if i configure the two firewall rules the traffic don't pass this rules.

Best regards
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Kirsten Mellein over 2 years ago in reply to Vivek Jagad

Hello,

thanks for your answer.

The dataflow ist rz -S2SVPN> customer -S2SVPN> service provider

and

service provider -S2SVPN> customer -S2SVPN> rz

So if i configure the two firewall rules the traffic don't pass this rules.

Best regards
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Vivek Jagad over 2 years ago in reply to Kirsten Mellein

Kirsten Mellein, can you confirm with the packet capture which FW rule the traffic hits ?
Monitor traffic using Packet Capture Utility : https://support.sophos.com/support/s/article/KB-000035761?language=en_US

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Kirsten Mellein over 2 years ago in reply to Vivek Jagad

I see that all the relevant traffic pass the rule 0 (drop all).

After that i have configure two firewall rules with source and destination zone any. I attach only the source and destination networks. Now i can see in the log that the traffic pass the new rules and port 21 is allowed.

But data transfer over ftp isn't working.
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 2 years ago in reply to Kirsten Mellein

Can you provide us a screenshot of the FW rule configured and the packet capture where traffic for the FTP can be seen going through FW rule 21 ? And have you tried creating a linked NAT rule with option MASQ under Translated source (SNAT)

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

FTP between hosts on VPN TUNNEL not working

Submitted a Tech Support Case lately from the Support Portal?