Have you tried ?

In your case:

First create a NAT rule:

source zone: outside

destination zone: outside

destination interface: none (could be set to the physical interface if you wish)

source address: any

destination address: outside_ip

service: any (or set TCP21 along with the port range you have defined for passive ftp preferably)

source translator: none

destination address: inside_ip

Then create a security rule:

source zone: outside

source address: any

destination zone: inside

destination address: outside_ip

application: ftp

service: application-default (or set TCP21 along with the port range you have defined for passive ftp)

action: allow

profile: recommended to use an IPS profile that's configured according to: critical, high, medium: block - low, information: default

options: log on session end (enable log on session start for troubleshooting)

You could also use a network range instead of outside_ip. For example outside_range, if that's what you mean by "any outside"?

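Added example, not part of the original post: a small Python lint for the rule pair above, checking that the NAT rule uses the pre-NAT zone while the security rule pairs the pre-NAT address with the post-NAT zone, and that the allow rule carries a profile and session-end logging. The IP addresses, the zone routing table, the dictionary layout and the profile name `strict-ips` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: the IPs and the zone routing table are assumptions.
ADDRESSES = {"outside_ip": "203.0.113.10", "inside_ip": "192.168.10.20"}
ZONE_ROUTES = {"outside": "0.0.0.0/0", "inside": "192.168.10.0/24"}

# The two rules from the post; "strict-ips" is a hypothetical profile name.
NAT_RULE = {"from": "outside", "to": "outside",
            "destination": "outside_ip", "translated": "inside_ip"}
SEC_RULE = {"from": "outside", "to": "inside", "destination": "outside_ip",
            "application": "ftp", "service": "application-default",
            "action": "allow", "profile": "strict-ips", "log_end": True}


def zone_of(name):
    """Zone an address object routes to (longest-prefix match)."""
    addr = ipaddress.ip_address(ADDRESSES[name])
    hits = [(net.prefixlen, zone) for zone, net in
            ((z, ipaddress.ip_network(n)) for z, n in ZONE_ROUTES.items())
            if addr in net]
    return max(hits)[1]


def lint(nat, sec):
    """Return findings for a destination-NAT rule and its security rule."""
    findings = []
    pre_zone = zone_of(nat["destination"])   # where the public IP lives
    post_zone = zone_of(nat["translated"])   # where the server really is
    if nat["to"] != pre_zone:
        findings.append(f"NAT destination zone must be {pre_zone} (pre-NAT)")
    if sec["to"] != post_zone:
        findings.append(f"security destination zone must be {post_zone} (post-NAT)")
    if sec["destination"] != nat["destination"]:
        findings.append("security destination address must be the pre-NAT address")
    if sec["action"] == "allow" and not sec.get("profile"):
        findings.append("allow rule has no vulnerability (IPS) profile")
    if not sec.get("log_end"):
        findings.append("log at session end is disabled")
    return findings


if __name__ == "__main__":
    print(lint(NAT_RULE, SEC_RULE))                      # rules as posted
    mistaken = dict(SEC_RULE, to="outside", destination="inside_ip", profile=None)
    for finding in lint(NAT_RULE, mistaken):
        print("-", finding)
```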