Solved

WatchGuard XTM Open Port range for FTP

Posted on 2013-05-14
4
1,485 Views
Last Modified: 2013-05-20
Hi,

I have a watchguard firebox XTM.  I am working with another company which has setup an FTP account for files that I need to get.  The details about the connection are:
Protocol: FTP
Encryption: Require explicit FTP over TLS
Logon type: Normal

When I login everything is okay but it fails when listing the files.  This is what they sent me:

"Please note:  This is an FTP/s connection (Secure Socket Level 3).  You will need to have port range 20900-20999 open on your Fire Wall."

I don't know how to do that and I would appreciate if someone would help me out I have read the instructions on the watchguard help site with no success.

Thanks.
0
Comment
Question by:joshcallahan1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 39165858
Open Policy Manager.

1. Select Edit > Add Policy
2. Click New
3. Name Your Policy SEC-FTP
4. Select Packet Filter as Type.
5. Click Add
6. Click on Dropdown Arrow for Type:
            -select Port Range
7. Click on Dropdwon Arrow for Protocols
            -Select TCP/UDP
8. enter  20900 for start Server Port
9. enter 20999 fir End Server Port
10. Click OK.

APply this new policy

Sec-FTP
allowed
from: any trusted
to: any-external
0
 

Author Comment

by:joshcallahan1
ID: 39166113
I'm still getting the same error as before which is in the pic below
Error message from Filezilla
0
 
LVL 16

Accepted Solution

by:
AlexPace earned 250 total points
ID: 39166169
client-side actions are often a combination of raw ftp protocol commands.

this ftp client is choking on the server's response to PWD (print working directory) and it errors out before even attempting to fetch the directory listing... so you dont get to test the port range.  the server's response appears to be overloaded... non-standard.

try updating the client to latest patch or using a different client

if that fails, Robo-FTP client has compatibility with a bunch of non-standard servers so I would say download the 30-day trial and see if you can connect with that... its debug log should show where the failure happens.  

basically you need a client that can survive this server response and get at least far enough to send the PASV command.
0
 

Author Closing Comment

by:joshcallahan1
ID: 39181510
Correct! I downloaded a free trial of cuteFTP as RoboFTP was a little over my head and cuteFTP worked on the first try.  Thanks!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question