SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Posts: 43
Registered: ‎11-23-2011
0 Kudos

Passive FTP

I have a user sitting behind a Juniper SRX 210 gateway.  They are trying to reach a secure passive FTP server over the Internet.  The server is using Explicit TLS which is port 21 for the command port but ports 10000 - 12000 for the range to transmit data.  I have determined that the SRX is blocking the data port(s).


Is there any way to open up that port range in NAT and in policies without having to enter each port one at a time?


Or is there a more best practices way?



Trusted Expert
Posts: 279
Registered: ‎02-13-2012
0 Kudos

Re: Passive FTP



Just in case , you haven't tried this -  KB19444 (How to let FTPS pass though a SRX device) .


Posts: 9
Registered: ‎11-01-2007
0 Kudos

Re: Passive FTP

What about when using the SRX as a forward-router - I have an SRX 210h at my house and I'm trying to FTP to a server elsewhere on the Internet (@ I'm unable to get FTP-ES to work. FTP and Pasv mode work fine, but not FTP-ES. I tried from 2 different FTP clients and also my Android device (AndFTP). As soon as I set my Android device to 4G (bypassing my Wi-Fi) it worked. So I know I have the right configuration, and I know it's related to my home network (likely my router, could also be my EX 2200c switch though - somehow). Any ideas? Thanks!