SRX Services Gateway

Passive FTP

05-14-2012 06:30 PM

I have a user sitting behind a Juniper SRX 210 gateway. They are trying to reach a secure passive FTP server over the Internet. The server is using Explicit TLS, which is port 21 for the command port but ports 10000 - 12000 for the range to transmit data. I have determined that the SRX is blocking the data port(s).

Is there any way to open up that port range in NAT and in policies without having to enter each port one at a time?

Or is there a more best-practices way?

James

2 REPLIES
Re: Passive FTP

05-14-2012 08:11 PM

Hi,

Just in case you haven't tried this: KB19444 (How to let FTPS pass through a SRX device).


Regards,
Pradeep JNCIE-SEC
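
The port-range question above, as an added example that is not part of the thread and is not taken from KB19444: a Junos custom application accepts a destination-port range, so the 10000-12000 data range becomes one object in one policy. The application, policy and address names, the trust/untrust zones and 203.0.113.10 are assumptions, and the global address book requires a release that supports it.

```junos
# Added example; all names, zones and 203.0.113.10 are placeholders.
# Control channel: TCP/21 with the FTP ALG bypassed. After AUTH TLS the
# control session is encrypted, so the ALG cannot read the PASV reply
# and never opens the data port on its own.
set applications application ftps-control protocol tcp
set applications application ftps-control destination-port 21
set applications application ftps-control application-protocol ignore

# Data channel: the whole passive range as a single application.
set applications application ftps-data protocol tcp
set applications application ftps-data destination-port 10000-12000

# Group both so the policy references one object.
set applications application-set ftps-explicit application ftps-control
set applications application-set ftps-explicit application ftps-data

# Permit the range only toward the one FTPS server, not toward "any".
set security address-book global address ftps-server 203.0.113.10/32
set security policies from-zone trust to-zone untrust policy allow-ftps match source-address any
set security policies from-zone trust to-zone untrust policy allow-ftps match destination-address ftps-server
set security policies from-zone trust to-zone untrust policy allow-ftps match application ftps-explicit
set security policies from-zone trust to-zone untrust policy allow-ftps then permit

# Policies are evaluated top-down: place this one ahead of any broader
# permit, otherwise port 21 still matches that policy and the FTP ALG.
# EXISTING-POLICY is a placeholder for the name of that broader policy.
insert security policies from-zone trust to-zone untrust policy allow-ftps before policy EXISTING-POLICY
```

After commit, `show security flow session destination-port 21` shows which policy the control session matched.
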
Re: Passive FTP

01.06.14   |  
‎01-06-2014 10:20 AM
What about when using the SRX as a forward-router - I have an SRX 210h at my house and I'm trying to FTP to a server elsewhere on the Internet (@ HostGator.com). I'm unable to get FTP-ES to work. FTP and Pasv mode work fine, but not FTP-ES. I tried from 2 different FTP clients and also my Android device (AndFTP). As soon as I set my Android device to 4G (bypassing my Wi-Fi) it worked. So I know I have the right configuration, and I know it's related to my home network (likely my router, could also be my EX 2200c switch though - somehow). Any ideas? Thanks!