SonicWall -- CONCEPT QUESTION ON PORTS

Our Bank wants us to install Secure FTP software on several workstations ( IPSWITCH's WSFTP to be specific)
The Bank says those installations will NOT be a public server. (hence no wizard)

However they say that to communicate successfully we must Open the following ports on our firewall.
"Control Port 20021" and "Data Port Range 25000 to 25500"  

I just dont seem to "get" what they are asking me to do and how specifically to do it....( step by step would be awarded 100 percent credit !!! thanks a million....
azpeteAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

aleghartCommented:
You need to be more specific:

1. ws_ftp  "client"  or  "server"?
2. current state of default firewall rule for LAN>WAN = "any/deny" or "any/allow"?
3. where is the other side?  LAN, WAN, internet, DMZ

For example, you are installing the client software, target is on the internet, default firewall rule for LAN>WAN = any/allow...

...you don't need to make any explicit port changes.  Just install the client and test.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
you may want to check this EE post out on as it also share how to open port in sonicwall to allow ws-ftp to use certain port range http://www.experts-exchange.com/Security/Software_Firewalls/Q_22104340.html#a33383314
or in more general you can check the "How to Open Ports to Allow (Webserver, FTP, Email, Terminal Service, etc.) to a server behind the SonicWALL (SonicOS Enhanced)" https://support.software.dell.com/kb/sw4535
just a note that  SSH FTP typically uses port 22 unless you configure otherwise
0
masnrockCommented:
What the bank probably meant was that if you tend to block communication ports outbound, then you need to allow those ports to be communicated over. But if you do not block that at all, then you should be cool. The bank's wording was pretty bad, as traditionally when opening ports is mentioned, it implies inbound communication.

Just test and see if everything works since you have everything installed.
0
btanExec ConsultantCommented:
Just to add..
Control port is the Command channel Port for wsftp server which is typically port 21 and in your case is 20021.
Data port range is the Data channel Port range required for data sent between the server and the client.
There is two mode the wsftp client can work on namely PORT (active mode) or PASV (passive mode) - in summary ref this sharing
if the client is operating in PORT mode, the traffic is outbound from WS_FTP Server and typically, only the inbound ports used by the data channel need to be opened on the client's network.  If the client is operating in PASV mode, inbound ports need to be opened on the server's network.  Again, the client controls which mode will be used, not the server.  An inbound port to the server's command channel (default, port 21) will always need to be open.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.