Screen OS

Hi All,

I have problem when connecting to FTP server from LAN, the connection has established but can't list directory...

I already create policy for FTP service (Incoming and outgoing).

Can you advise some setting i missed?

Is the ftp on the standard port?

Is the ftp alg still turned on?

What direction is the transfer, from client on LAN out to what zone

Or from what zone into the LAN.

The specific topology may have asymmetrical routing causing issues with the sessions.

The FTP use port# 1993, I already create policy for port#1993 also.

The ftp alg still turned on.

Direction from client on LAN to Untrust. Now I just need from an FTP server outsite

Hi,

    can you please tell me which FTP service are you trying to use? Active or Passive?

Set appropriate filters (set ff dst-ip ****) and debugs (debug nat ftp and debug flow basic) and then initiate traffic.Look what the debug shows. 

On your policy for the custom ftp port, you need to select the application FTP.  This tells the policy to apply the FTP alg to this traffic and permit the random ports used in active FTP.

---

@spuluka wrote:

On your policy for the custom ftp port, you need to select the application FTP.  This tells the policy to apply the FTP alg to this traffic and permit the random ports used in active FTP.

---

Hi spuluka,

Now its working. Thanks so much for your help!

Regards,

SY