09-01-2011 01:53 AM - edited 09-01-2011 01:55 AM
I'm trying to enable server to server FTP transfers initiated by a client located on a third computer (FXP transfer).
FTP server A and FTP server B are located in 2 different security zones of an SRX220 firewall.
To enable such transfer, the client sends an FTP PASV command to server A and transmits the parameters in a PORT command for server B. The problem is that the firewall drops the PORT command as it does not contain the client IP.
I found a workaround by configuring the FTP servers to listen on port 2121 instead of 21 (and enabling the corresponding policy), but this requires opening a port range between the 2 zones for the FTP data connections (because the ALG is not working then).
Is there a way to configure the SRX220 ALG to enable such configuration?
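
The exchange described in the post above, as an added example that is not part of the original thread and is not Junos code: a simplified model of a PORT check that compares the address in the command with the control connection's source, run against the PORT command an FXP client would relay from server A's PASV reply. The addresses are constructed (documentation ranges), and the function names and the permit/drop model are assumptions for illustration.

```python
import re

# Six comma-separated numbers h1,h2,h3,h4,p1,p2 (RFC 959 PORT argument / 227 reply)
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 PASV reply, else None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def fxp_port_command(pasv_reply):
    """Build the PORT command an FXP client relays to server B from A's 227 reply."""
    parsed = parse_hostport(pasv_reply)
    if parsed is None:
        raise ValueError("not a 227 reply")
    ip, port = parsed
    return "PORT {},{},{}".format(ip.replace(".", ","), port // 256, port % 256)

def port_check(control_src_ip, command):
    """Simplified model: PORT must name the control connection's source address."""
    verb, _, arg = command.strip().partition(" ")
    if verb.upper() != "PORT":
        return "permit"   # only PORT is examined in this model
    parsed = parse_hostport(arg)
    if parsed is None:
        return "drop"     # malformed argument
    ip, _port = parsed
    return "permit" if ip == control_src_ip else "drop"

# Constructed sample values, not taken from the post
CLIENT = "192.0.2.10"
pasv_from_a = "227 Entering Passive Mode (198,51,100,5,195,80)"  # server A, port 50000
relayed = fxp_port_command(pasv_from_a)

if __name__ == "__main__":
    # FXP: PORT carries server A's address, not the client's
    print(relayed, "->", port_check(CLIENT, relayed))
    # Ordinary active mode: PORT carries the client's own address
    ordinary = "PORT 192,0,2,10,4,1"
    print(ordinary, "->", port_check(CLIENT, ordinary))
```
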
09-02-2011 11:13 AM
Sr. Solutions Architect
Integration Partners (http://www.integrationpartners.com)
JNCIE-M, JNCIE-ENT, JNCIP-SEC, JNCIA-EX
Twitter - @ozark46