• Status: Solved

WatchGuard XTM Open Port range for FTP

Hi,

I have a WatchGuard Firebox XTM. I am working with another company which has set up an FTP account for files that I need to get. The details about the connection are:
Protocol: FTP
Encryption: Require explicit FTP over TLS
Logon type: Normal

When I log in everything is okay, but it fails when listing the files. This is what they sent me:

"Please note:  This is an FTP/s connection (Secure Socket Level 3).  You will need to have port range 20900-20999 open on your Fire Wall."

I don't know how to do that and I would appreciate it if someone would help me out. I have read the instructions on the WatchGuard help site with no success.

Thanks.
Asked by: joshcallahan1
1 Solution
 
lruiz52 Commented:
Open Policy Manager.

1. Select Edit > Add Policy
2. Click New
3. Name Your Policy SEC-FTP
4. Select Packet Filter as Type.
5. Click Add
6. Click on the dropdown arrow for Type:
            -Select Port Range
7. Click on the dropdown arrow for Protocols
            -Select TCP/UDP
8. Enter 20900 for Start Server Port
9. Enter 20999 for End Server Port
10. Click OK.

Apply this new policy

Sec-FTP
allowed
from: any trusted
to: any-external
 
joshcallahan1 (Author) Commented:
I'm still getting the same error as before, which is in the pic below.
[Image: error message from FileZilla]
 
AlexPace Commented:
client-side actions are often a combination of raw ftp protocol commands.

this ftp client is choking on the server's response to PWD (print working directory) and it errors out before even attempting to fetch the directory listing... so you don't get to test the port range.  the server's response appears to be overloaded... non-standard.

try updating the client to latest patch or using a different client

if that fails, Robo-FTP client has compatibility with a bunch of non-standard servers so I would say download the 30-day trial and see if you can connect with that... its debug log should show where the failure happens.  

basically you need a client that can survive this server response and get at least far enough to send the PASV command.
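An added example, not part of the thread or any poster's code: a small Python triage script that reads an FTP client debug log and reports whether the session stopped on the control channel (as with the PWD reply above) or got far enough to receive a passive-mode reply, and if so whether the announced data port falls inside the 20900-20999 range the firewall policy opens. The `Command:`/`Response:` log prefixes, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Passive data-port range quoted by the remote FTP admin in this thread.
PORT_RANGE = range(20900, 21000)

RE_227 = re.compile(r"\b227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
RE_229 = re.compile(r"\b229 .*?\(\|\|\|(\d+)\|\)")
RE_CMD = re.compile(r"^Command:\s+(\S+)")


def passive_port(reply):
    """Return the data port announced by a 227 (PASV) or 229 (EPSV) reply, else None."""
    m = RE_227.search(reply)
    if m:  # RFC 959: port = p1 * 256 + p2 (the last two numbers in the tuple)
        return int(m.group(5)) * 256 + int(m.group(6))
    m = RE_229.search(reply)
    return int(m.group(1)) if m else None


def diagnose(log_lines):
    """Say whether the session died before passive mode or at the data connection."""
    last_cmd, port = None, None
    for line in log_lines:
        m = RE_CMD.match(line)
        if m:
            last_cmd = m.group(1).upper()
        elif line.startswith("Response:") and port is None:
            port = passive_port(line)
    return {"stage": "data" if port is not None else "control",
            "last_command": last_cmd, "port": port,
            "in_range": (port in PORT_RANGE) if port is not None else None}


# Constructed sample logs (hypothetical sessions, documentation IP address).
STOPPED_AT_PWD = [
    "Command:  AUTH TLS", "Response: 234 AUTH TLS OK.",
    "Command:  PWD", "Response: 257 (constructed non-standard reply)",
    "Error:    Failed to retrieve directory listing",
]
REACHED_PASV = [
    "Command:  PWD", 'Response: 257 "/" is current directory.',
    "Command:  PASV", "Response: 227 Entering Passive Mode (192,0,2,10,81,200)",
    "Command:  LIST", "Error:    Connection timed out",
]

if __name__ == "__main__":
    for name, log in (("stopped at PWD", STOPPED_AT_PWD), ("reached PASV", REACHED_PASV)):
        print(name, "->", diagnose(log))
```

A result of `stage: control` means the firewall port range was never exercised; `stage: data` with `in_range: False` means the server announced a port outside the range the policy allows.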
 
joshcallahan1 (Author) Commented:
Correct! I downloaded a free trial of cuteFTP as RoboFTP was a little over my head and cuteFTP worked on the first try.  Thanks!