Sonic Wall is blocking PASV traffic from coming into the FTP server

Tags:
FTP
SonicWALL
Our Sonic Wall is blocking PASV traffic from coming into the FTP server. The connection works okay on port 21, then when the server switches to the PASV ports, the firewall drops the connection, even though the ports are specifically assigned. If I uncheck the FTP Bounce Attack Prevention box on the diag screen, PASV traffic is not blocked; however, this causes us to lose phone service and DNS. The firewall ends up sending packets back and forth with the Edgewater device, causing the problem. Any ideas on resolving this problem are greatly appreciated.
ASKED: March 5, 2008  4:08 PM
UPDATED: June 8, 2012  2:35 AM

Answer Wiki


If you have a Cisco device in the network, use it to examine packets as they pass to determine what port numbers PASV traffic uses. There are ways of doing this with a network card in promiscuous mode but they are a bit close to hacking tools you do not want to tempt anybody with.

Set your Cisco login session to record. At the prompt, enter:

terminal monitor

Then enter:

Debug IP Packet

This puts every packet on the screen. You can simply enter NO debug ip packet to cancel.

Examine the IP traffic that PASV uses and extract all the port numbers, then open only those port numbers. Test. Adjust.
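As an added example (not part of the original answer), the port extraction can be done from the FTP control-channel replies themselves: a 227 reply carries the data port as p1*256 + p2 (RFC 959) and a 229 reply carries it directly (RFC 2428). The sketch goes slightly beyond the answer by also flagging a 227 reply that advertises an address other than the expected one. The sample replies, the 50000-50100 range and the 203.0.113.10 address are constructed assumptions, not values from this page.

```python
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(r"^227\b.*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 extended passive reply: 229 ... (|||port|)
EPSV_RE = re.compile(r"^229\b.*?\(\|\|\|(\d{1,5})\|\)")

def parse_passive_reply(line):
    """Return (advertised_ip_or_None, port) for a 227/229 reply, else None."""
    line = line.strip()
    m = PASV_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet or port byte
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(line)
    if m and 0 < int(m.group(1)) <= 65535:
        return None, int(m.group(1))  # EPSV carries no address
    return None

def audit(replies, allowed_range, expected_ip):
    """Collect observed data ports and flag those the firewall rule would not cover."""
    low, high = allowed_range
    ports, findings = set(), []
    for line in replies:
        parsed = parse_passive_reply(line)
        if parsed is None:
            continue  # not a passive-mode reply
        ip, port = parsed
        ports.add(port)
        if not low <= port <= high:
            findings.append((port, "outside opened range"))
        if ip is not None and ip != expected_ip:
            findings.append((port, "advertised address %s differs from %s" % (ip, expected_ip)))
    return sorted(ports), findings

# Constructed sample control-channel replies (documentation addresses, not from the page)
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "227 Entering Passive Mode (192,168,1,20,195,81)",
    "227 Entering Passive Mode (203,0,113,10,234,96)",
    "229 Entering Extended Passive Mode (|||50010|)",
]

if __name__ == "__main__":
    print(audit(SAMPLE, (50000, 50100), "203.0.113.10"))
```

A port reported as outside the opened range means the FTP server's passive port setting and the firewall rule disagree; fix the server setting rather than widening the rule.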
