I'm trying to permit outgoing SFTP connections, but I'm having trouble figuring out the minimal set of permissions needed.
Looking in the logs when attempting to connect to a server, I can see that an initial connection over 990 is being attempted. OK, that's one external port, I can add that. Possibly also 989 as well (as it can also be used). But then the connection fails, and the logs show attempts being made over 10210 and 10067, which seemed to have been picked at random. If FTPS is using randomized ports, how can I create a secure rule in Sophos to keep the number of ports to a minimum?
This is a problem for me too.
As you have already observed, FTP(s) use random high ports for transferring data.
The FTP-Connection-tracking-helper can recognize this negotiation and opens the dynamic ports.
But with FTPS it's blind.
I recommend SFTP/SSH copy in these cases. Both use port 22/TCP only.
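
The helper behaviour described in the reply above, as an added example that is not part of the original posts: a simplified model of how a tracking helper learns the passive-mode data port from a readable control channel (RFC 959 `227` and RFC 2428 `229` replies), and why it learns nothing once the same replies are wrapped in TLS. The function names, host name and sample lines are constructed for illustration; the two port values are the ones from the question.

```python
import re

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(
    rb"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428 EPSV reply: 229 ... (|||port|)
EPSV_RE = re.compile(rb"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def expected_data_port(line: bytes):
    """Return the passive-mode data port announced in one control-channel
    line, or None if the line does not carry one in readable form."""
    m = PASV_RE.match(line)
    if m:
        octets = [int(x) for x in m.groups()]
        if all(o <= 255 for o in octets):
            return octets[4] * 256 + octets[5]
        return None
    m = EPSV_RE.match(line)
    if m and 0 < int(m.group(1)) <= 65535:
        return int(m.group(1))
    return None


def ports_to_open(control_stream):
    """Simplified helper model (hypothetical): collect the data ports that
    can be learned by reading the server side of the control connection."""
    return [p for p in map(expected_data_port, control_stream) if p is not None]


# Constructed sample: plaintext FTP control channel.
PLAINTEXT_FTP = [
    b"220 ftp.example.test ready\r\n",
    b"227 Entering Passive Mode (192,0,2,10,39,226)\r\n",  # 39*256 + 226
    b"226 Transfer complete\r\n",
    b"229 Entering Extended Passive Mode (|||10067|)\r\n",
]

# Constructed sample: what is visible on the wire for FTPS. The same replies
# travel inside TLS application-data records (type 0x17), so the firewall
# sees only opaque bytes. The payload here is filler, not real ciphertext.
FTPS_ON_WIRE = [
    b"\x17\x03\x03\x00\x30" + bytes(range(48)),
    b"\x17\x03\x03\x00\x30" + bytes(range(48, 96)),
]

if __name__ == "__main__":
    print("plaintext FTP:", ports_to_open(PLAINTEXT_FTP))
    print("FTPS on wire: ", ports_to_open(FTPS_ON_WIRE))
```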