The following diagram demonstrates the establishment of a Passive FTP connection
through a firewall protecting the FTP server.
Figure 12: Establishment of Passive FTP Connection
From the FTP server's perspective, the following connections are established:
• Command connection from the client on a port greater than 1023, to the server on port 21
• Data connection from the client on a port greater than 1023, to the server on a port greater than 1023
The fact that both of the channels are established by the client presents a challenge for the
firewall protecting the FTP server: while a firewall can easily be configured to identify
incoming command connections over the default port 21, it must also be able to handle
incoming data connections over a dynamic port that is negotiated randomly as part of the
FTP client-server communication. The following table examines how different firewall
technologies handle this challenge:
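As an added illustration (not part of the manual and not Check Point's code), the sketch below shows what following the command connection involves: it reads the server's 227 (PASV) reply, derives the negotiated data port, and permits only a matching data connection. It goes slightly beyond the text by also accepting the 229 (EPSV) reply form; the function names, the sample addresses, and the same-host and single-use policies are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

class Pinhole(NamedTuple):
    client_ip: str    # only the client that owns the command connection
    server_ip: str
    server_port: int  # data port negotiated on the command connection

PASV = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")

def pinhole_from_reply(line: str, client_ip: str, server_ip: str) -> Optional[Pinhole]:
    """Derive the data-connection pinhole from one server reply, or None."""
    m = PASV.match(line)
    if m:
        *host, hi, lo = (int(g) for g in m.groups())
        # Reject malformed octets and replies that name a different host.
        if max(*host, hi, lo) > 255 or ".".join(map(str, host)) != server_ip:
            return None
        port = hi * 256 + lo
    else:
        m = EPSV.match(line)
        if not m:
            return None
        port = int(m.group(2))
    # The data connection goes to a server port greater than 1023.
    if not 1023 < port <= 65535:
        return None
    return Pinhole(client_ip, server_ip, port)

def permit_data_connection(pinholes: set, src: str, dst: str, dport: int) -> bool:
    """Allow one inbound data connection per pinhole (single use)."""
    wanted = Pinhole(src, dst, dport)
    allowed = wanted in pinholes
    pinholes.discard(wanted)
    return allowed

# Constructed server replies using documentation addresses, not captured traffic.
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,149)",    # port 195*256+149
    "227 Entering Passive Mode (203,0,113,5,195,149)",   # other host: ignored
    "227 Entering Passive Mode (192,0,2,10,0,22)",       # port 22: ignored
    "229 Entering Extended Passive Mode (|||50070|)",    # EPSV form
]

def open_pinholes_for(replies):
    holes = (pinhole_from_reply(r, CLIENT, SERVER) for r in replies)
    return {h for h in holes if h is not None}
```

A filter that does not read the command connection has no such list to consult and must either leave the whole range above 1023 open to the server or block passive-mode data connections.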
Chapter 2: UTM-1 Security
The UTM-1 Firewall