Zywall USG 100 Firewall

Posted on 2015-02-04
Last Modified: 2015-02-10
I am now setting up one Zywall USG 100 (latest firware applied), and I want to forward port 21 to internal server. I follow the steps from the manual, but it is not working. If I disable the firewall, it is working.

I am attaching the manual/tutorial. I used the steps from page 167 to 170. I cannot copy it here as it document is secured.
Question by:goliveuk
  • 3
  • 2
LVL 40

Expert Comment

ID: 40591737
Hi port 21 is FTP (i expect that you want to use it as such..)
That not only means that port 21 needs to be forward but also the accompaning ports.
for file transfer. Did you enable the FTP ALG?

So besides a NAT rule
+ Firewall rule to pass on port 21
you also need to enable the ALG/FTP

Instead of using FTP please consider the use of SSH/SCP/SFTP...
that doesn't expose a users password like FTP does. It also makes the FTP transfer more private w.r.t. content. (and at least easier on network resources.).

Author Comment

ID: 40593439
Hello noci,

ALG/FTP is enabled.
LVL 40

Expert Comment

ID: 40595571
Ok, can you make a screen shot of the config & post here. public IP addresses can be blurred if needed.

Author Comment

ID: 40598218

Here are some screens from the Zywall
LVL 40

Accepted Solution

noci earned 500 total points
ID: 40599877
Ah, firewall: WAN-> DMZ, where your FTP server has an address on the LAN1 port
so firewall should be WAN->LAN1 or you need to move the FTP server to the DMZ port.

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
F5 SSL Sticky Load Balancing Question 3 55
null0 7 37
ip igmp join-group 8 39
Site cannot be reached ONLY when connected to modem 18 34
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question