The option Enable FTP Transformations for TCP port(s) in Service Object under Firewall Settings | Advanced settings allows you to choose the Control port used in the FTP connection. NOTE: If a custom port is used by the server instead of TCP port 21 then the same needs to be specified in the Service object for the access rule as well as the NAT policy . Navigate to Manage | Rules | NAT Policies page.In the above rule, the service object FTP is a pre-defined object for TCP port 21.Navigate to Manage | Rules | Access Rules page.Click Add a new address object button and create two address objects one for Server IP on LAN and another for Public IP of the server.Navigate to Manage| Objects |Address Objects page.The SonicWall can determine the Data ports using DPI. In the following configuration, the server chooses a port between 55000-65000.In the following configuration, the server chooses a random port between 1-65535.The below resolution is for customers using SonicOS 6.5 firmware. This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. Passive mode setting in the FTP Server (FileZilla) Resolution for SonicOS 6.5 For the purpose of this article a FileZilla FTP server is shown. This article describes the configuration required in the SonicWall to allow a FTP client on the WAN (Internet) to connect to a server configured in Passive mode behind the SonicWall. This way, only the Control port, TCP port 21, requires to be explicitly opened in the SonicWall. SonicWall overcomes this problem by actively scanning FTP traffic using DPI and dynamically opening ports required for clients to connect to the server. However, this defeats the very purpose of using Passive mode which is recommended for its relative security. This can be overcome by opening all high-number TCP ports (1025-65535) in the NAT device or opening the fixed range of ports configured in the server, depending on the way the server has been configured. If such a device is configured to open and forward TCP port 21, the second connection made by the client to the random port on the server is dropped. In both methods, this new Data connection initiated by the client poses problems if the FTP server is behind a NAT device like a firewall or UTM appliance. The server can be configured to use a random port between 0-65535 or can be configured to choose from a fixed range. The port number sent by the server is based on how the server is configured. The client initiates a new TCP connection on the port sent by the server. In Passive mode, the server sends a random port number to the client. In Active mode, the Data connection is almost always made on TCP port 20 and is initiated by the FTP server after a Control connection is established. In either mode the Control port is by default TCP port 21. FTP can be configured in either Active or Passive mode. The port used for FTP-Data connection is determined by the mode the FTP server is configured in. The Data phase is used to transfer files. In the Control phase of the connection the client and the server exchange authentication information send and receive FTP commands on TCP port 21. Copy URL The link has been copied to clipboardįTP connections involve two TCP connections - one for Control and another for Data.Content Filtering Client Control access to unwanted and unsecure web content.Capture Client Stop advanced threats and rollback the damage caused by malware.Cloud Firewall (NS v) Next-generation firewall capabilities in the cloud.Cloud App Security Visibility and security for Cloud Apps.Email Security Protect against today’s advanced email threats.Switches High-speed network switching for business connectivity.Wireless Access Points Easy to manage, fast and secure Wi-Fi.Secure Mobile Access Remote, best-in-class, secure access.Cloud Edge Secure Access Deploy Zero-Trust Security in minutes.Capture Security appliance Advanced Threat Protection for modern threat landscape.Capture ATP Multi-engine advanced threat detection.Network Security Manager Modern Security Management for today’s security landscape.Security Services Comprehensive security for your network security solution.Next Generation Firewall Next-generation firewall for SMB, Enterprise, and Government.