Link to home
Start Free TrialLog in
Avatar of azpete
azpete

asked on

SonicWall -- CONCEPT QUESTION ON PORTS

Our Bank wants us to install Secure FTP software on several workstations ( IPSWITCH's WSFTP to be specific)
The Bank says those installations will NOT be a public server. (hence no wizard)

However they say that to communicate successfully we must Open the following ports on our firewall.
"Control Port 20021" and "Data Port Range 25000 to 25500"  

I just dont seem to "get" what they are asking me to do and how specifically to do it....( step by step would be awarded 100 percent credit !!! thanks a million....
ASKER CERTIFIED SOLUTION
Avatar of aleghart
aleghart
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of btan
btan

you may want to check this EE post out on as it also share how to open port in sonicwall to allow ws-ftp to use certain port range https://www.experts-exchange.com/questions/22104340/FTPS-over-Sonicwall.html?anchorAnswerId=33383314#a33383314
or in more general you can check the "How to Open Ports to Allow (Webserver, FTP, Email, Terminal Service, etc.) to a server behind the SonicWALL (SonicOS Enhanced)" https://support.software.dell.com/kb/sw4535
just a note that  SSH FTP typically uses port 22 unless you configure otherwise
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Just to add..
Control port is the Command channel Port for wsftp server which is typically port 21 and in your case is 20021.
Data port range is the Data channel Port range required for data sent between the server and the client.
There is two mode the wsftp client can work on namely PORT (active mode) or PASV (passive mode) - in summary ref this sharing
if the client is operating in PORT mode, the traffic is outbound from WS_FTP Server and typically, only the inbound ports used by the data channel need to be opened on the client's network.  If the client is operating in PASV mode, inbound ports need to be opened on the server's network.  Again, the client controls which mode will be used, not the server.  An inbound port to the server's command channel (default, port 21) will always need to be open.