This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Emergency FTP on a Friday Night

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Emergency FTP on a Friday Night

Go to solution
bdunbar
L3 Networker

‎12-05-2014 04:14 PM

PAN-200

PAN OS 6.

So there are, standing up an FTP server for client use.   Got it configured, and tweaked, and secure. Planned to figure out how to open up the firewall next week.

After hours.  Manager called.  I'm on a conference call.  Have some client data to move.  The old (hosted) ftp server is slow.  The new one is fast!   How about it ..

I like a challenge.  Policy, Security, Create a rule

Source: Zone: any  Address: any  User: any

Destination: Zone: any Address: ftpserverIP

Application: ftp

Okay - If I'm logged into the VPN I can, of course, still login to Mr. FTP.

But external access .. wait a second.  How do I tell the device to accept FTP traffic? 

We're not roadblocked - we're using the old (slow) hosted FTP.  But I'm sore confused about this part of it.

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
pulukas
L7 Applicator

‎12-07-2014 12:02 PM

I guess this is too late to help, but the document you want is Understanding Pan-OS NAT.  In addition to your security policy to permit the traffic you will need to configure the nat policy for the inbound request to be translated from your public address into the server private address.

Understanding PAN-OS NAT

For inbound destination nat look at page 15 and following to find your correct situation.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

View solution in original post

0 Likes Likes
2 REPLIES 2

Go to solution
pulukas
L7 Applicator

‎12-07-2014 12:02 PM

I guess this is too late to help, but the document you want is Understanding Pan-OS NAT.  In addition to your security policy to permit the traffic you will need to configure the nat policy for the inbound request to be translated from your public address into the server private address.

Understanding PAN-OS NAT

For inbound destination nat look at page 15 and following to find your correct situation.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

Go to solution
bdunbar
L3 Networker
In response to pulukas

‎12-08-2014 10:18 AM

Too late for Friday, but helpful when we want to expose it on the network: thanks.

0 Likes Likes
  • 1 accepted solution
  • 2716 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks