How to Allow FTPS/FTPES Traffic Through the Firewall

Created On 09/25/18 17:19 PM - Last Modified 06/12/23 16:08 PM



Issue

FTPS, also called FTPES, is a secure form of FTP that runs on top of SSL. Like regular FTP, it uses a control connection and a separate data connection, but the control connection is carried over SSL. Palo Alto Networks firewalls identify the control connection as SSL because they have no visibility into the application inside it. With normal FTP, the firewall is aware of the ports that will be used for the data connection. With FTPS, because the control connection is over SSL, the firewall is unaware of the ports used for the data connection, so it blocks the data session and the file transfer fails.
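The difference described above, as an added example (a simplified model, not Palo Alto Networks code): a parser that reads the data port from a cleartext passive-mode reply and returns nothing when the same reply arrives inside a TLS record. The function names and sample payloads are constructed for illustration.

```python
import re

# Passive-mode replies a firewall reads on a cleartext FTP control channel.
PASV_RE = re.compile(rb"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(rb"^229 .*?\(\|\|\|(\d+)\|\)")
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # CCS, alert, handshake, application data

# Constructed sample payloads (documentation address range 192.0.2.0/24).
SERVER_IP = "192.0.2.10"
CLEAR_PASV = b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
CLEAR_EPSV = b"229 Entering Extended Passive Mode (|||50001|)\r\n"
TLS_RECORD = b"\x17\x03\x03\x00\x30" + bytes(48)  # stand-in for an encrypted reply


def looks_like_tls_record(payload: bytes) -> bool:
    """True if payload begins with a TLS record header (type, 3.x version)."""
    return (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 3 and payload[2] <= 4)


def predict_data_endpoint(payload: bytes, server_ip: str):
    """Return the (ip, port) of the upcoming data connection, or None."""
    if looks_like_tls_record(payload):
        return None  # reply is ciphertext: the port is unreadable without decryption
    for line in payload.split(b"\r\n"):
        m = PASV_RE.match(line)
        if m:
            nums = [int(x) for x in m.groups()]
            if all(n <= 255 for n in nums):
                return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
        m = EPSV_RE.match(line)
        if m and 0 < int(m.group(1)) <= 65535:
            return server_ip, int(m.group(1))  # EPSV reuses the server address
    return None


if __name__ == "__main__":
    for name, data in [("PASV", CLEAR_PASV), ("EPSV", CLEAR_EPSV), ("TLS", TLS_RECORD)]:
        print(name, predict_data_endpoint(data, SERVER_IP))
```

With the cleartext replies the data port can be opened for just that one session; with the TLS record there is nothing to read.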

 

Resolution

Enable SSL decryption for the FTPS traffic so that it passes through the device properly, or allow all traffic to the server on all ports, which is a less secure option.

 

owner: sdurga


