I have recently upgraded our checkpoint firewall to NGX version and have added a second internet link and configured the system to use ISP redundancy. When i try to make ftp connections to external ftp servers it is variable as to whether it connects or not. Generally when the problem occurs it will connect but when it tries to get the listing it will time out. This is the case whether we use passive of active connections. It seems to be something to do with the control connection going out on one ISP link and the data conection going out on the other ISP link as if I disconnect one of the ISP lines it connects to the ftp sites no problems. I had a similar problem with secure remote clients coming in on the ISP-2 link but I can force all VPN traffic onto 1 ISP link however there is no way I can see to force ftp connections to use the one link only. Any thoughts appreciated.