Solved

SonicWall -- CONCEPT QUESTION ON PORTS

Posted on 2014-11-14
4
237 Views
Last Modified: 2014-11-17
Our Bank wants us to install Secure FTP software on several workstations ( IPSWITCH's WSFTP to be specific)
The Bank says those installations will NOT be a public server. (hence no wizard)

However they say that to communicate successfully we must Open the following ports on our firewall.
"Control Port 20021" and "Data Port Range 25000 to 25500"  

I just dont seem to "get" what they are asking me to do and how specifically to do it....( step by step would be awarded 100 percent credit !!! thanks a million....
0
Comment
Question by:azpete
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
aleghart earned 350 total points
ID: 40444093
You need to be more specific:

1. ws_ftp  "client"  or  "server"?
2. current state of default firewall rule for LAN>WAN = "any/deny" or "any/allow"?
3. where is the other side?  LAN, WAN, internet, DMZ

For example, you are installing the client software, target is on the internet, default firewall rule for LAN>WAN = any/allow...

...you don't need to make any explicit port changes.  Just install the client and test.
0
 
LVL 61

Expert Comment

by:btan
ID: 40444094
you may want to check this EE post out on as it also share how to open port in sonicwall to allow ws-ftp to use certain port range http://www.experts-exchange.com/Security/Software_Firewalls/Q_22104340.html#a33383314
or in more general you can check the "How to Open Ports to Allow (Webserver, FTP, Email, Terminal Service, etc.) to a server behind the SonicWALL (SonicOS Enhanced)" https://support.software.dell.com/kb/sw4535
just a note that  SSH FTP typically uses port 22 unless you configure otherwise
0
 
LVL 20

Assisted Solution

by:masnrock
masnrock earned 150 total points
ID: 40444343
What the bank probably meant was that if you tend to block communication ports outbound, then you need to allow those ports to be communicated over. But if you do not block that at all, then you should be cool. The bank's wording was pretty bad, as traditionally when opening ports is mentioned, it implies inbound communication.

Just test and see if everything works since you have everything installed.
0
 
LVL 61

Expert Comment

by:btan
ID: 40444353
Just to add..
Control port is the Command channel Port for wsftp server which is typically port 21 and in your case is 20021.
Data port range is the Data channel Port range required for data sent between the server and the client.
There is two mode the wsftp client can work on namely PORT (active mode) or PASV (passive mode) - in summary ref this sharing
if the client is operating in PORT mode, the traffic is outbound from WS_FTP Server and typically, only the inbound ports used by the data channel need to be opened on the client's network.  If the client is operating in PASV mode, inbound ports need to be opened on the server's network.  Again, the client controls which mode will be used, not the server.  An inbound port to the server's command channel (default, port 21) will always need to be open.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now