You are not able to access an FTP server running on a control port other than 21 over the proxy; the data channel is not getting open.
This issue is not directly caused by the ProxySG appliance. The appliance understands the request as FTP and provides the access for both passive and active modes based on the policy/configuration. The issue occurs mainly due to an upstream firewall that does not understand the traffic as FTP. From the firewall's point of view, the request is just a TCP connection and the subsequent data connection could be denied. If we provide any-any access to the Proxy’s IP address, access works for passive FTP because the firewall also allows the connection initiated on the data port.
To resolve the issue, configure the firewall to understand and allow the FTP running on higher port. Refer to the instructions for Checkpoint and Cisco.
Imported Document ID: 000008414
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.