FTP passive mode

Question

Hello, everyone! 
 So, i've joined the family of Sophos XG users - built my own using industrial MSI motherboard - works like charm :) However, i've stumbled upon an issue - trying to configure home FTP server. 
 Rule for port 22 works fine. Trying to get FTP Passive mode - no dice. 
 Tried redirecting specific ports - no dice. 
 Tried setting ftp bounce policy to data - did not help. 
 Logs shows"Could not associate packet to any connection." 
 Using fresh install of XG 17. 
 Has anyone succeeded setting up passive FTP? 
 I've read that UTM had special function to dynamically scan ftp traffic and open correct ports. Could not find anything in XG. . 
 
 Thanks.

Kayhan Kaynak · Accepted Answer

Hello everyone, 
 
 I've been worked a lot of hours but i made it :) 
 
 Just create a business rule on firewall page . 
 Source > WAN 
 Destination > Your WAN Port 
 Services > Create New > 
 TCP - Source: 1:65535 - Destination 21 
 TCP - Source: 1:65535 - Destination 990 
 TCP - Source: 1:65535 - Destination 50000:51000 (don't forget the set filezilla passive port to 50000:51000) 
 
 Forward to > Protected Server: (Your ftp server) - Protected Zone: LAN 
 
 Tick >Create Reflexive Rule 
 
 Open console > 4. Device Console > 
 set advanced-firewall ftpbounce-prevention data 
 
 It works perfectly on me.

ShunzeLee · Answer

In my case, besides the passive port assignment, you need to set parameter in console as following. 
 set advanced-firewall ftpbounce-prevention data 
 Try it~