Hi ,
Based on my research, firewall NATs the Public IP to private IP and maintains the connection. But when client sends a PASV Request command for moving into passive mode, the server responds back to the client as a PASV response with internal IP address of the FTP server in it. Since the IP address of the control channel is different from the IP that server is asking the client to to connect for data channel in PASV Response packet, Client will fail to establish a Data channel for data transfer as it is behind the Firewall.
To over come the above problem. Configure the FTP Firewall Support with external IP of the firewall that it is listening for FTP.
On FTP Firewall Support, enter the external IPv4 address of the firewall through which the data connections arrive. You can also configure the range of passive port numbers that you want the FTP service to use. For example, 41000-41099 allows the server to support 100 passive mode data connections simultaneously.
Ensure that you also create a firewall rule on the firewall device to allow inbound connections on the ports that you configured above.
As picture below:
Best Regards,
Candy
--------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.