SRX Services Gateway
Posts: 28
Registered: ‎11-23-2011

Passive FTP

I have a user sitting behind a Juniper SRX 210 gateway.  They are trying to reach a secure passive FTP server over the Internet.  The server is using Explicit TLS which is port 21 for the command port but ports 10000 - 12000 for the range to transmit data.  I have determined that the SRX is blocking the data port(s).


Is there any way to open up that port range in NAT and in policies without having to enter each port one at a time?


Or is there a more best practices way?



Recognized Expert
Posts: 241
Registered: ‎02-13-2012

Re: Passive FTP



Just in case , you haven't tried this -  KB19444 (How to let FTPS pass though a SRX device) .


Best regards
Posts: 9
Registered: ‎11-01-2007

Re: Passive FTP

What about when using the SRX as a forward-router - I have an SRX 210h at my house and I'm trying to FTP to a server elsewhere on the Internet (@ I'm unable to get FTP-ES to work. FTP and Pasv mode work fine, but not FTP-ES. I tried from 2 different FTP clients and also my Android device (AndFTP). As soon as I set my Android device to 4G (bypassing my Wi-Fi) it worked. So I know I have the right configuration, and I know it's related to my home network (likely my router, could also be my EX 2200c switch though - somehow). Any ideas? Thanks!
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.