Solved

WatchGuard XTM Open Port range for FTP

Posted on 2013-05-14
4
1,416 Views
Last Modified: 2013-05-20
Hi,

I have a watchguard firebox XTM.  I am working with another company which has setup an FTP account for files that I need to get.  The details about the connection are:
Protocol: FTP
Encryption: Require explicit FTP over TLS
Logon type: Normal

When I login everything is okay but it fails when listing the files.  This is what they sent me:

"Please note:  This is an FTP/s connection (Secure Socket Level 3).  You will need to have port range 20900-20999 open on your Fire Wall."

I don't know how to do that and I would appreciate if someone would help me out I have read the instructions on the watchguard help site with no success.

Thanks.
0
Comment
Question by:joshcallahan1
  • 2
4 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 39165858
Open Policy Manager.

1. Select Edit > Add Policy
2. Click New
3. Name Your Policy SEC-FTP
4. Select Packet Filter as Type.
5. Click Add
6. Click on Dropdown Arrow for Type:
            -select Port Range
7. Click on Dropdwon Arrow for Protocols
            -Select TCP/UDP
8. enter  20900 for start Server Port
9. enter 20999 fir End Server Port
10. Click OK.

APply this new policy

Sec-FTP
allowed
from: any trusted
to: any-external
0
 

Author Comment

by:joshcallahan1
ID: 39166113
I'm still getting the same error as before which is in the pic below
Error message from Filezilla
0
 
LVL 16

Accepted Solution

by:
AlexPace earned 250 total points
ID: 39166169
client-side actions are often a combination of raw ftp protocol commands.

this ftp client is choking on the server's response to PWD (print working directory) and it errors out before even attempting to fetch the directory listing... so you dont get to test the port range.  the server's response appears to be overloaded... non-standard.

try updating the client to latest patch or using a different client

if that fails, Robo-FTP client has compatibility with a bunch of non-standard servers so I would say download the 30-day trial and see if you can connect with that... its debug log should show where the failure happens.  

basically you need a client that can survive this server response and get at least far enough to send the PASV command.
0
 

Author Closing Comment

by:joshcallahan1
ID: 39181510
Correct! I downloaded a free trial of cuteFTP as RoboFTP was a little over my head and cuteFTP worked on the first try.  Thanks!
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now