so, ive got a pcap capture from one ftp connection out from our machine that does not work, and there are two dropped packets (see wireshark screen for example) both packets dropped were 192.168.* -> 205.207.*:50046 (its reaching out to make the data connection via passive mode) however the same type of packet that was dropped above, is also allowed (according to the PA logs). FYI: the client PC that DOES work to this ftp server never reaches out to a random port for passive mode, doesnt even reach out to port 20, according to the logs.. it only reached out to port 21, or thats all i see anyways. Not sure where to go from here.
... View more