Solved

SonicWall -- CONCEPT QUESTION ON PORTS

Posted on 2014-11-14
Last Modified: 2014-11-17
Our Bank wants us to install Secure FTP software on several workstations (IPSWITCH's WSFTP to be specific).
The Bank says those installations will NOT be a public server (hence no wizard).

However, they say that to communicate successfully we must open the following ports on our firewall:
"Control Port 20021" and "Data Port Range 25000 to 25500"

I just don't seem to "get" what they are asking me to do and how specifically to do it... (step by step would be awarded 100 percent credit!!! Thanks a million...)
Question by:azpete
4 Comments
 
LVL 32

Accepted Solution

by:
aleghart earned 350 total points
ID: 40444093
You need to be more specific:

1. ws_ftp  "client"  or  "server"?
2. current state of default firewall rule for LAN>WAN = "any/deny" or "any/allow"?
3. where is the other side?  LAN, WAN, internet, DMZ

For example, you are installing the client software, target is on the internet, default firewall rule for LAN>WAN = any/allow...

...you don't need to make any explicit port changes.  Just install the client and test.
 
LVL 64

Expert Comment

by:btan
ID: 40444094
You may want to check this EE post out, as it also shares how to open ports in SonicWall to allow WS_FTP to use a certain port range: http://www.experts-exchange.com/Security/Software_Firewalls/Q_22104340.html#a33383314
Or, more generally, you can check "How to Open Ports to Allow (Webserver, FTP, Email, Terminal Service, etc.) to a server behind the SonicWALL (SonicOS Enhanced)": https://support.software.dell.com/kb/sw4535
Just a note that SSH FTP typically uses port 22 unless you configure otherwise.
 
LVL 29

Assisted Solution

by:masnrock
masnrock earned 150 total points
ID: 40444343
What the bank probably meant was that if you tend to block communication ports outbound, then you need to allow those ports to be communicated over. But if you do not block that at all, then you should be cool. The bank's wording was pretty bad, as traditionally when opening ports is mentioned, it implies inbound communication.

Just test and see if everything works since you have everything installed.
 
LVL 64

Expert Comment

by:btan
ID: 40444353
Just to add...
The control port is the command channel port for the WS_FTP server, which is typically port 21 and in your case is 20021.
The data port range is the data channel port range required for data sent between the server and the client.
There are two modes the WS_FTP client can work in, namely PORT (active mode) or PASV (passive mode). In summary, refer to this sharing:
If the client is operating in PORT mode, the traffic is outbound from WS_FTP Server and typically, only the inbound ports used by the data channel need to be opened on the client's network. If the client is operating in PASV mode, inbound ports need to be opened on the server's network. Again, the client controls which mode will be used, not the server. An inbound port to the server's command channel (default, port 21) will always need to be open.
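The passive-mode behaviour described in the comment above, as an added example that is not part of the original thread: in PASV/EPSV mode the server's reply names the port the client then connects to outbound, so an egress rule has to cover that range. The sketch parses such replies and checks them against the data port range quoted in the question; the server address and reply lines are constructed, and it assumes the bank's server hands out passive ports from that range.

```python
import re

# Data port range quoted in the question (the control port there is 20021).
DATA_PORTS = range(25000, 25501)

_PASV = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
_EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_host):
    """Return (host, port) the client will connect to after a 227/229 reply."""
    code = reply[:3]
    if code == "227":  # PASV, RFC 959: h1,h2,h3,h4,p1,p2
        m = _PASV.search(reply)
        if not m:
            raise ValueError("malformed 227 reply")
        nums = [int(n) for n in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in 227 reply")
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    if code == "229":  # EPSV, RFC 2428: (|||port|), host is the control peer
        m = _EPSV.search(reply)
        if not m or not 0 < int(m.group(2)) < 65536:
            raise ValueError("malformed 229 reply")
        return control_host, int(m.group(2))
    raise ValueError("not a passive-mode reply")


def egress_check(reply, control_host):
    """Classify the outbound data connection against the bank's stated range."""
    host, port = data_endpoint(reply, control_host)
    if port not in DATA_PORTS:
        return f"BLOCK {host}:{port} (outside {DATA_PORTS.start}-{DATA_PORTS.stop - 1})"
    if host != control_host:
        return f"REVIEW {host}:{port} (data host differs from control host)"
    return f"ALLOW {host}:{port}"


if __name__ == "__main__":
    server = "203.0.113.10"  # constructed documentation address, not the bank's
    for line in [  # constructed sample replies
        "227 Entering Passive Mode (203,0,113,10,97,168)",
        "229 Entering Extended Passive Mode (|||25500|)",
        "227 Entering Passive Mode (203,0,113,10,195,80)",
        "227 Entering Passive Mode (10,0,0,5,98,0)",
    ]:
        print(line, "->", egress_check(line, server))
```

If the default LAN>WAN rule is any/allow, all of these connections already pass; the check only matters where outbound traffic is restricted.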
