I'd like to make my FTPS server available for Internet users. I was glad when I found the "set security alg ftp ftps-extension" command, but somehow the NAT is not working. The connection goes up, but when data is passing through, the SRX does not replace the internal address of the FTPS server.
When I try to connect from my client the error is: server reports local IP.
Because I don't have your valid and invalid IP addresses, replace my sample IP addresses with your own.
If your valid IP address (pre-NAT) is 220.127.116.11, your invalid IP address (post-NAT) is 10.10.10.10, and the computer on the Internet is 18.104.22.168, enable traceoptions on your flow as follows:
edit security flow traceoptions
set file FTPS-Flow
set flag basic-datapath
set packet-filter MachtFTPS-Traffic source-prefix 22.214.171.124/32
set packet-filter MachtFTPS-Traffic destination-prefix 126.96.36.199/32
set packet-filter MachtFTPS-Traffic-Reverse source-prefix 10.10.10.10/32
set packet-filter MachtFTPS-Traffic-Reverse destination-prefix 188.8.131.52/32
Commit the config.
The output is a little messy; it needs a little patience.
Then check the log file "FTPS-Flow" and see if NAT is happening. If it is not happening, look into your NAT configuration; you probably have static NAT or some mistakes in your NAT config. If NAT is happening, check whether routing is working properly, then check whether the source zone and destination zone are being detected. Next are your policies: you have to have a good policy. After the policy comes the ALG and some other stuff.
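A client-side check to run alongside the flow trace, added here as an example and not part of either post: it parses the passive-mode reply copied from the FTP client's log and reports whether the advertised data address is still the internal one. It assumes the "server reports local IP" error refers to the address in the 227 reply; the function name and the 203.0.113.10 public address are constructed for illustration.

```python
import ipaddress
import re

# 227 reply per RFC 959: six comma-separated decimals (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply per RFC 2428: (|||port|) carries no address, only a port
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def check_passive_reply(reply, control_peer):
    """Return (data_ip, data_port, verdict) for one passive-mode reply line.

    control_peer is the address the client dialed for the control
    connection, i.e. the public (pre-NAT) address of the server.
    """
    line = reply.strip()
    m = EPSV_RE.match(line)
    if m:
        return control_peer, int(m.group(1)), "ok: EPSV reuses the control address"
    m = PASV_RE.match(line)
    if not m:
        raise ValueError("not a 227/229 passive reply: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    data_ip = ".".join(str(n) for n in nums[:4])
    data_port = nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
    if data_ip == control_peer:
        verdict = "ok: address matches the control connection"
    elif ipaddress.ip_address(data_ip).is_private:
        verdict = "nat-not-rewritten: server reports local IP"
    else:
        verdict = "mismatch: address differs from the control connection"
    return data_ip, data_port, verdict


# Constructed sample replies; 203.0.113.10 stands in for the public address.
SAMPLES = [
    "227 Entering Passive Mode (10,10,10,10,195,80)",
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "229 Entering Extended Passive Mode (|||50000|)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_passive_reply(s, "203.0.113.10"))
```

A "nat-not-rewritten" verdict means the payload address was left untouched even though the control connection itself was translated, which is the case the trace above should help narrow down.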