?
Solved

SonicWall -- CONCEPT QUESTION ON PORTS

Posted on 2014-11-14
4
Medium Priority
?
262 Views
Last Modified: 2014-11-17
Our Bank wants us to install Secure FTP software on several workstations ( IPSWITCH's WSFTP to be specific)
The Bank says those installations will NOT be a public server. (hence no wizard)

However they say that to communicate successfully we must Open the following ports on our firewall.
"Control Port 20021" and "Data Port Range 25000 to 25500"  

I just dont seem to "get" what they are asking me to do and how specifically to do it....( step by step would be awarded 100 percent credit !!! thanks a million....
0
Comment
Question by:azpete
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
aleghart earned 1400 total points
ID: 40444093
You need to be more specific:

1. ws_ftp  "client"  or  "server"?
2. current state of default firewall rule for LAN>WAN = "any/deny" or "any/allow"?
3. where is the other side?  LAN, WAN, internet, DMZ

For example, you are installing the client software, target is on the internet, default firewall rule for LAN>WAN = any/allow...

...you don't need to make any explicit port changes.  Just install the client and test.
0
 
LVL 64

Expert Comment

by:btan
ID: 40444094
you may want to check this EE post out on as it also share how to open port in sonicwall to allow ws-ftp to use certain port range http://www.experts-exchange.com/Security/Software_Firewalls/Q_22104340.html#a33383314
or in more general you can check the "How to Open Ports to Allow (Webserver, FTP, Email, Terminal Service, etc.) to a server behind the SonicWALL (SonicOS Enhanced)" https://support.software.dell.com/kb/sw4535
just a note that  SSH FTP typically uses port 22 unless you configure otherwise
0
 
LVL 30

Assisted Solution

by:masnrock
masnrock earned 600 total points
ID: 40444343
What the bank probably meant was that if you tend to block communication ports outbound, then you need to allow those ports to be communicated over. But if you do not block that at all, then you should be cool. The bank's wording was pretty bad, as traditionally when opening ports is mentioned, it implies inbound communication.

Just test and see if everything works since you have everything installed.
0
 
LVL 64

Expert Comment

by:btan
ID: 40444353
Just to add..
Control port is the Command channel Port for wsftp server which is typically port 21 and in your case is 20021.
Data port range is the Data channel Port range required for data sent between the server and the client.
There is two mode the wsftp client can work on namely PORT (active mode) or PASV (passive mode) - in summary ref this sharing
if the client is operating in PORT mode, the traffic is outbound from WS_FTP Server and typically, only the inbound ports used by the data channel need to be opened on the client's network.  If the client is operating in PASV mode, inbound ports need to be opened on the server's network.  Again, the client controls which mode will be used, not the server.  An inbound port to the server's command channel (default, port 21) will always need to be open.
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
In this article, we’ll look at how to deploy ProxySQL.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question