05-14-2012 06:30 PM
I have a user sitting behind a Juniper SRX 210 gateway. They are trying to reach a secure passive FTP server over the Internet. The server is using Explicit TLS, which is port 21 for the command port but ports 10000-12000 for the range to transmit data. I have determined that the SRX is blocking the data port(s).
Is there any way to open up that port range in NAT and in policies without having to enter each port one at a time?
Or is there a more best-practice way?