https://live.paloaltonetworks.com/t5/general-topics/how-passive-ftp-is-filtered-in-palo-alto/m-p/78094#M42819 <P><BR /><SPAN>#Firewall works on the concept of inspection.</SPAN><BR /><SPAN>#Connection request will be sent on port 21 , return packet will contain the DATA ports ( for example 3453 &nbsp;) </SPAN></P> <P><SPAN>Firewall inspects this session and &nbsp;since it a past of a existing session,</SPAN></P> <P><SPAN>#Firewall Opens a by-default pin hole for the data port &nbsp;( as it already inspected the S2C packet )&nbsp;</SPAN><SPAN>and the traffic going on the data port&nbsp;are allowed.&nbsp;</SPAN></P> <P>&nbsp;</P> Sun, 15 May 2016 05:16:53 GMT tsrivastav 2016-05-15T05:16:53Z https://live.paloaltonetworks.com/t5/general-topics/how-passive-ftp-is-filtered-in-palo-alto/m-p/78092#M42817 <P>Hi Guys,&nbsp;</P><P>&nbsp;</P><P>I know application FTP covers both Passive and Active FTP. However, my question is how it filters the traffic. I mean how a server Intiating a connection to the client will be filtered and allowed. Can anyone help.&nbsp;</P> Sat, 14 May 2016 15:03:56 GMT https://live.paloaltonetworks.com/t5/general-topics/how-passive-ftp-is-filtered-in-palo-alto/m-p/78092#M42817 yadsingh 2016-05-14T15:03:56Z https://live.paloaltonetworks.com/t5/general-topics/how-passive-ftp-is-filtered-in-palo-alto/m-p/78093#M42818 <P>Hi,</P> <P>&nbsp;</P> <P>The firewall create predict sessions. You can read about it here:</P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/Learning-Articles/Palo-Alto-Networks-Firewall-Session-Overview/ta-p/55633" target="_self">https://live.paloaltonetworks.com/t5/Learning-Articles/Palo-Alto-Networks-Firewall-Session-Overview/ta-p/55633</A></P> <P>&nbsp;</P> <P>Benjamin</P> Sat, 14 May 2016 15:55:38 GMT https://live.paloaltonetworks.com/t5/general-topics/how-passive-ftp-is-filtered-in-palo-alto/m-p/78093#M42818 BenjAudy.MTL 2016-05-14T15:55:38Z https://live.paloaltonetworks.com/t5/general-topics/how-passive-ftp-is-filtered-in-palo-alto/m-p/78094#M42819 <P><BR /><SPAN>#Firewall works on the concept of inspection.</SPAN><BR /><SPAN>#Connection request will be sent on port 21 , return packet will contain the DATA ports ( for example 3453 &nbsp;) </SPAN></P> <P><SPAN>Firewall inspects this session and &nbsp;since it a past of a existing session,</SPAN></P> <P><SPAN>#Firewall Opens a by-default pin hole for the data port &nbsp;( as it already inspected the S2C packet )&nbsp;</SPAN><SPAN>and the traffic going on the data port&nbsp;are allowed.&nbsp;</SPAN></P> <P>&nbsp;</P> Sun, 15 May 2016 05:16:53 GMT https://live.paloaltonetworks.com/t5/general-topics/how-passive-ftp-is-filtered-in-palo-alto/m-p/78094#M42819 tsrivastav 2016-05-15T05:16:53Z https://live.paloaltonetworks.com/t5/general-topics/how-passive-ftp-is-filtered-in-palo-alto/m-p/78095#M42820 <P>So if your question was how the firewall allows the traffic going on the data ports from Client to server&nbsp;</P> <P>then Inspection of the FTP application is the answer</P> <P>also predict session plays an imp. role in the same</P> Sun, 15 May 2016 05:17:38 GMT https://live.paloaltonetworks.com/t5/general-topics/how-passive-ftp-is-filtered-in-palo-alto/m-p/78095#M42820 tsrivastav 2016-05-15T05:17:38Z