FTP access to server behind WatchGuard Firebox

When you open service on any port on the firewall only that specific port/protocol is allowed to the internal machine; so in your case if you use FTP proxy and allow the inbound traffic for FTP that would come in to that server only and no other internal machine. Also, all other traffic would be denied.

Please note if the attacker or remote user is intelligent enough to send FTP traffic and in that hide another traffic then other traffic would also reach the internal server; doing so is however bit tough and would need a lot of expertise. Normally you would never hit this scenario.

So go ahead and open the FTP service to just the needed server and thigs should be good.

Thank you.

I set up an ftp server behind the watchguard and tried opening up the port just to one of the internal server, the ftp server.  (ie.  From: Any, To: a specific internal host address)  I was not able to connect to it until I finally configured the ftp port as Any/Any.  I'm assuming this isn't the best practice.

I set To public-IP (from whatismyip.com) and it worked great.  As I am relatively new in this position, how do I check if the public IP is static or if it is dynamic?  I know the internal IP is static but I am not sure about the public IP as it differs from the Firebox external IP.  I don't want to have to keep updating the firewall policy whenever I reboot the ftp server.

In Policy Manager go to Network->Configuration; if you have the IP on external configured as static further also have secondary network or aliases configured then you have static IP; you can always call up your ISP and check with them if they have provided static IP or what is the service they are providing.

Thank you.

Thank you!  Everything works great.