Emergency FTP on a Friday Night

L3 Networker

PAN-200

PAN OS 6.

So there are, standing up an FTP server for client use.   Got it configured, and tweaked, and secure. Planned to figure out how to open up the firewall next week.

After hours.  Manager called.  I'm on a conference call.  Have some client data to move.  The old (hosted) ftp server is slow.  The new one is fast!   How about it ..

I like a challenge.  Policy, Security, Create a rule

Source: Zone: any  Address: any  User: any

Destination: Zone: any Address: ftpserverIP

Application: ftp

Okay - If I'm logged into the VPN I can, of course, still login to Mr. FTP.

But external access .. wait a second.  How do I tell the device to accept FTP traffic? 

We're not roadblocked - we're using the old (slow) hosted FTP.  But I'm sore confused about this part of it.

Accepted Solutions

L7 Applicator

I guess this is too late to help, but the document you want is Understanding PAN-OS NAT. In addition to your security policy to permit the traffic, you will need to configure the NAT policy for the inbound request to be translated from your public address into the server private address.

Understanding PAN-OS NAT

For inbound destination NAT, look at page 15 and following to find your correct situation.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
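
The pairing described in the answer above (an inbound destination NAT rule plus the security rule that permits the traffic), written out as PAN-OS configure-mode `set` commands. This is an added example, not part of the thread or of the referenced document; the zone names, rule names and both addresses are constructed placeholders, and the `#` lines are annotations rather than commands to paste.

```panos
# Assumptions (constructed, not from the thread):
#   untrust      = internet-facing zone
#   dmz          = zone where the FTP server sits
#   203.0.113.10 = public address clients connect to (documentation range)
#   10.1.1.10    = FTP server private address (placeholder)
#   inbound-ftp-nat / inbound-ftp-allow = hypothetical rule names

configure

# NAT rule: evaluated against the packet as it arrives, so the
# destination zone is the zone that owns the public address (untrust),
# not the zone where the server lives.
set rulebase nat rules inbound-ftp-nat from untrust
set rulebase nat rules inbound-ftp-nat to untrust
set rulebase nat rules inbound-ftp-nat source any
set rulebase nat rules inbound-ftp-nat destination 203.0.113.10
set rulebase nat rules inbound-ftp-nat service any
set rulebase nat rules inbound-ftp-nat destination-translation translated-address 10.1.1.10

# Security rule: matches the pre-NAT destination address but the
# post-NAT destination zone. Zones are named explicitly instead of "any".
set rulebase security rules inbound-ftp-allow from untrust
set rulebase security rules inbound-ftp-allow to dmz
set rulebase security rules inbound-ftp-allow source any
set rulebase security rules inbound-ftp-allow destination 203.0.113.10
set rulebase security rules inbound-ftp-allow application ftp
set rulebase security rules inbound-ftp-allow service application-default
set rulebase security rules inbound-ftp-allow action allow
set rulebase security rules inbound-ftp-allow log-end yes

commit
```

If the client addresses are known, replacing `source any` in the security rule with those addresses narrows the exposure further.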

Too late for Friday, but helpful when we want to expose it on the network: thanks.
