Solved

WatchGuard XTM Open Port range for FTP

Posted on 2013-05-14
Last Modified: 2013-05-20
Hi,

I have a WatchGuard Firebox XTM.  I am working with another company which has set up an FTP account for files that I need to get.  The details about the connection are:
Protocol: FTP
Encryption: Require explicit FTP over TLS
Logon type: Normal

When I log in everything is okay, but it fails when listing the files.  This is what they sent me:

"Please note:  This is an FTP/s connection (Secure Socket Level 3).  You will need to have port range 20900-20999 open on your Fire Wall."

I don't know how to do that, and I would appreciate it if someone would help me out. I have read the instructions on the WatchGuard help site with no success.

Thanks.
0
Question by:joshcallahan1
 
LVL 17

Expert Comment

by:lruiz52
ID: 39165858
Open Policy Manager.

1. Select Edit > Add Policy
2. Click New
3. Name your policy SEC-FTP
4. Select Packet Filter as Type.
5. Click Add
6. Click on the dropdown arrow for Type:
            - Select Port Range
7. Click on the dropdown arrow for Protocols
            - Select TCP/UDP
8. Enter 20900 for Start Server Port
9. Enter 20999 for End Server Port
10. Click OK.

Apply this new policy

Sec-FTP
allowed
from: any trusted
to: any-external
0
 

Author Comment

by:joshcallahan1
ID: 39166113
I'm still getting the same error as before, which is in the pic below.
Error message from Filezilla
0
 
LVL 16

Accepted Solution

by:
AlexPace earned 250 total points
ID: 39166169
Client-side actions are often a combination of raw FTP protocol commands.

This FTP client is choking on the server's response to PWD (print working directory) and it errors out before even attempting to fetch the directory listing... so you don't get to test the port range.  The server's response appears to be overloaded... non-standard.

Try updating the client to the latest patch or using a different client.

If that fails, the Robo-FTP client has compatibility with a bunch of non-standard servers, so I would say download the 30-day trial and see if you can connect with that... its debug log should show where the failure happens.

Basically you need a client that can survive this server response and get at least far enough to send the PASV command.
0
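The accepted answer separates two failure points: a session that stops at PWD never sends PASV, so the 20900-20999 firewall rule is never exercised. The following is an added example, not part of the original thread: it classifies a client debug log by where it stopped and, if a passive reply was received, checks the announced data port against that range. The `(direction, text)` log shape, the function names and the sample sessions are assumptions constructed for illustration.

```python
import re

# Reply formats from RFC 959 (227, PASV) and RFC 2428 (229, EPSV).
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")

def data_port(reply):
    """Return the data port announced in a 227 or 229 reply, else None."""
    m = PASV_RE.match(reply)
    if m:
        p1, p2 = int(m.group(5)), int(m.group(6))
        return p1 * 256 + p2 if p1 <= 255 and p2 <= 255 else None
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(1)) <= 65535:
        return int(m.group(1))
    return None

def diagnose(session, lo=20900, hi=20999):
    """Classify a list of (direction, text) pairs: 'C' = client, 'S' = server."""
    asked = False
    for direction, text in session:
        if direction == "C" and text.upper().startswith(("PASV", "EPSV")):
            asked = True
        elif direction == "S" and asked:
            port = data_port(text)
            if port is not None:
                verdict = "port-in-range" if lo <= port <= hi else "port-outside-range"
                return verdict, port
    return ("no-passive-reply" if asked else "stopped-before-passive"), None

# Constructed sample sessions (not taken from the thread's screenshot).
STOPPED_AT_PWD = [
    ("C", "AUTH TLS"), ("S", "234 AUTH TLS OK"),
    ("C", "USER example"), ("S", "331 Password required"),
    ("C", "PASS ********"), ("S", "230 Logged in"),
    ("C", "PWD"), ("S", '257 "/" is current directory, extra text'),
]
REACHED_PASV = STOPPED_AT_PWD + [
    ("C", "PASV"), ("S", "227 Entering Passive Mode (203,0,113,10,81,214)"),
]
OUT_OF_RANGE = STOPPED_AT_PWD + [
    ("C", "EPSV"), ("S", "229 Entering Extended Passive Mode (|||50021|)"),
]

if __name__ == "__main__":
    for name, s in [("stopped", STOPPED_AT_PWD), ("pasv", REACHED_PASV), ("epsv", OUT_OF_RANGE)]:
        print(name, diagnose(s))
```

Because the control channel is TLS-encrypted with explicit FTPS, these lines have to come from the FTP client's own debug log rather than from a capture at the firewall.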
 

Author Closing Comment

by:joshcallahan1
ID: 39181510
Correct! I downloaded a free trial of CuteFTP as RoboFTP was a little over my head, and CuteFTP worked on the first try.  Thanks!
0
