
FTP Outbound - Retrieving directory listing fails

Hi, 

I'm missing something very obvious here and hope someone can help.

I've got a Sophos UTM with a bunch of computers behind it, one subnet, very straightforward. I've set the internal network so only HTTP, HTTPS and FTP can go out to external.


Using WinSCP, trying to connect to an FTP server on the internet, it hangs on "Retrieving directory listing". If I set the rule so ANY ports are allowed from the internal to external, it works.


So I looked at the firewall log and see a range of ports up in the 60000s being dropped when I try to FTP when I set the rule back to HTTP, HTTPS and FTP only.


So do I really need to open a big range on the rule to allow FTP to function, or is there a much cleaner and more secure way of doing this? I know FTP isn't secure, but I'm more concerned about internal PCs having a large range of ports to go out on.



  • Have you enabled FTP connection tracking?

    Network Protection --> Firewall --> Advanced

    Also, please check for port 20 as well; this is the session port.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • Awesome, that was it, how I didn't think of that I don't know but thank you because it was driving me nuts!
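
Added example, not part of the thread and not Sophos code: a minimal Python sketch of what an FTP connection-tracking helper does in general, reading the passive-mode reply on the control channel and permitting only the one data connection it announces, so no high port range has to be opened. The class and function names, the addresses and the sample replies are constructed for illustration; rejecting a PASV address that differs from the control-channel peer is a design choice of this sketch.

```python
import re

# RFC 959 PASV reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPSV reply: "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def expected_data_endpoint(reply, server_ip):
    """Return the (ip, port) a passive-mode reply announces, or None."""
    m = PASV_RE.match(reply)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return None
        ip = ".".join(str(o) for o in octets[:4])
        port = octets[4] * 256 + octets[5]   # data port = p1*256 + p2
        # Sketch policy: the data address must be the control-channel peer.
        if ip != server_ip or port == 0:
            return None
        return (ip, port)
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(1))
        return (server_ip, port) if 0 < port <= 65535 else None
    return None


class FtpTracker:
    """Toy stateful filter: 21/tcp is statically allowed, data flows need
    an expectation learned from the control channel (hypothetical class)."""

    def __init__(self):
        self.expected = set()   # (client_ip, server_ip, server_port)

    def on_control_reply(self, client_ip, server_ip, reply):
        endpoint = expected_data_endpoint(reply, server_ip)
        if endpoint:
            self.expected.add((client_ip,) + endpoint)

    def allow_outbound(self, client_ip, dst_ip, dst_port):
        if dst_port == 21:
            return True
        key = (client_ip, dst_ip, dst_port)
        if key in self.expected:
            self.expected.discard(key)   # one expectation, one connection
            return True
        return False
```

Without the expectation, the data connection looks like unrelated outbound traffic to a high port and the static HTTP/HTTPS/FTP rule drops it, which matches the drops in the 60000s seen in the firewall log.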
