-
Products
-
Gen 7 Firewalls
SonicWall's Gen 7 platform-ready firewalls offer performance with stability and superior threat protection — all at an industry-leading TCO.
Read More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Opening custom port for a Passive mode FTP Server
09/30/2022 
322 People found this article helpful
480,908 Views
Description
File Transfer Protocol (FTP) operates on TCP ports 20 and 21 where port 21 is the Control Port and 20 is Data Port. However, when using non-standard ports (eg. 2020, 2121), SonicWall drops the packet as it is not able to identify it as FTP traffic. A new option has been introduced to set custom control port for FTP traffic called "Enable FTP Transformations for TCP port(s) in Service Object". Enabling this option would help SonicWall identify traffic to and from the custom port as FTP traffic.
This article describes the method to set a custom control port for FTP.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
In this scenario we have an FTP server behind the SonicWall listening on port 2121 configured in Passive Mode. The configuration would be the same if the server is configured in Active Mode also.
- Click OBJECT in the top navigation menu
- Navigate to the Match Objects| Addresses page.
- Click on Add
- Create an Address Object for the private IP address of the FTP server.
- Click on Save
- Click OBJECT in the top navigation menu
- Navigate to the Match Objects| Services page.
- Click on Add
- Create an Service Object for the private IP address of the FTP server.
- Click on Save
- Create the following Access Rule and NAT Policy.
- Click Policy in the top navigation menu
- Click on Add
- Create the access rule as below
- Click on ADD
- Click Manage in the top navigation menu
- Navigate to Rules and Policies | NAT Rules
- Click on Add
- Create the NAT Policy as below
- Click on ADD
- Select the address object for the custom service under Enable FTP Transformations for TCP port(s) in Service Object on the Network | Firewalll Settings | Advanced page.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
In this scenario we have an FTP server behind the SonicWall listening on port 2121 configured in Passive Mode. The configuration would be the same if the server is configured in Active Mode also.
|  |
|
|
Create the following Access Rule and NAT Policy.
- Click Manage in the top navigation menu
- Navigate to Rules | Access Rules
- Click on Add
- Create the access rule as below
- Click on ADD
- Click Manage in the top navigation menu
- Navigate to Rules | NAT Policies
- Click on Add
- Create the NAT Policy as below
- Click on ADD
- Select the address object for the custom service under Enable FTP Transformations for TCP port(s) in Service Object on the Firewalll Settings | Advanced page.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
In this scenario we have an FTP server behind the SonicWall listening on port 2121 configured in Passive Mode. The configuration would be the same if the server is configured in Active Mode also.
|  |
|
|
- Create the following Access Rule and NAT Policy
- Access Rule under Firewall | Access Rule
- NAT Policy under Network | NAT Policies
- Select the address object for the custom service under Enable FTP Transformations for TCP port(s) in Service Object on the Firewalll Settings | Advanced page.
Related Articles
- How to access a more specific network over VPN tunnel while having another Route All VPN policy
- How to limit bandwidth usage when playing YouTube videos using App Rules
- SonicWall TZ80 In-Product settings migration
Categories
- Firewalls > SonicWall NSA Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > TZ Series
YES
NO