
WatchGuard XTM Open Port range for FTP

Posted on 2013-05-14
Last Modified: 2013-05-20
Hi,

I have a WatchGuard Firebox XTM.  I am working with another company which has set up an FTP account for files that I need to get.  The details about the connection are:
Protocol: FTP
Encryption: Require explicit FTP over TLS
Logon type: Normal

When I login everything is okay but it fails when listing the files.  This is what they sent me:

"Please note:  This is an FTP/s connection (Secure Socket Level 3).  You will need to have port range 20900-20999 open on your Fire Wall."

I don't know how to do that and I would appreciate it if someone would help me out. I have read the instructions on the WatchGuard help site with no success.

Thanks.
Question by:joshcallahan1
4 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 39165858
Open Policy Manager.

1. Select Edit > Add Policy
2. Click New
3. Name Your Policy SEC-FTP
4. Select Packet Filter as Type.
5. Click Add
6. Click on Dropdown Arrow for Type:
            -Select Port Range
7. Click on Dropdown Arrow for Protocols
            -Select TCP/UDP
8. Enter 20900 for Start Server Port
9. Enter 20999 for End Server Port
10. Click OK.

Apply this new policy

Sec-FTP
allowed
from: any trusted
to: any-external
0
 

Author Comment

by:joshcallahan1
ID: 39166113
I'm still getting the same error as before, which is in the pic below.
Error message from FileZilla
0
 
LVL 16

Accepted Solution

by:
AlexPace earned 1000 total points
ID: 39166169
Client-side actions are often a combination of raw FTP protocol commands.

This FTP client is choking on the server's response to PWD (print working directory) and it errors out before even attempting to fetch the directory listing... so you don't get to test the port range.  The server's response appears to be overloaded... non-standard.

Try updating the client to the latest patch or using a different client.

If that fails, Robo-FTP client has compatibility with a bunch of non-standard servers so I would say download the 30-day trial and see if you can connect with that... its debug log should show where the failure happens.

Basically you need a client that can survive this server response and get at least far enough to send the PASV command.
0
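The distinction drawn in the accepted answer (a failure at PWD happens before PASV, so the 20900-20999 firewall policy is never exercised) can be checked mechanically from a client debug log. The following is an added example, not code from any poster or product mentioned here; the `C:`/`S:` log format and the sample replies are constructed, since the actual server response is not shown on this page.

```python
import re

# 227 reply carries h1,h2,h3,h4,p1,p2; data port = p1*256 + p2 (RFC 959).
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
# 229 reply carries (|||port|) (RFC 2428).
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")
# A standard 257 reply to PWD starts with the path in double quotes.
PWD_RE = re.compile(r'^257 "(?:[^"]|"")*"')

def passive_port(reply):
    """Return the data port announced in a 227/229 reply, or None."""
    m = PASV_RE.match(reply)
    if m:
        return int(m.group(5)) * 256 + int(m.group(6))
    m = EPSV_RE.match(reply)
    return int(m.group(1)) if m else None

def diagnose(log_lines, lo=20900, hi=20999):
    """Say how far a session got, given 'C: command' / 'S: reply' lines."""
    last_cmd = None
    for line in log_lines:
        side, _, text = line.partition(": ")
        if side == "C" and text:
            last_cmd = text.split()[0].upper()
        elif side == "S":
            if last_cmd == "PWD" and text.startswith("257 ") and not PWD_RE.match(text):
                return "non-standard PWD reply: check the client, port range untested"
            port = passive_port(text) if last_cmd in ("PASV", "EPSV") else None
            if port is not None and lo <= port <= hi:
                return f"data port {port} is inside {lo}-{hi}: firewall policy applies"
            if port is not None:
                return f"data port {port} is outside {lo}-{hi}: firewall policy will not match"
    return "no passive reply seen: port range untested"

# Constructed sample sessions (hypothetical replies; 203.0.113.10 is a documentation address).
STALLED = ["C: AUTH TLS", "S: 234 Using authentication type TLS",
           "C: PWD", "S: 257 /incoming is the current directory"]
LISTING = ["C: PWD", 'S: 257 "/incoming" is the current directory',
           "C: PASV", "S: 227 Entering Passive Mode (203,0,113,10,81,164)",
           "C: LIST", "S: 150 Opening data connection"]

if __name__ == "__main__":
    for name, log in (("stalled", STALLED), ("listing", LISTING)):
        print(name, "->", diagnose(log))
```
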
 

Author Closing Comment

by:joshcallahan1
ID: 39181510
Correct! I downloaded a free trial of cuteFTP as RoboFTP was a little over my head and cuteFTP worked on the first try.  Thanks!
0


Question has a verified solution.
