WatchGuard® Made Simple

This site is for common setup practices as well as tips and tricks for WatchGuard® Firewall products and contain editorial content.  While every effort is made to ensure all information is correct and concise, no warranty of any kind is expressed or implied, and all information is provided on an "as is" basis.

WatchGuard® is not affiliated with this site and all trademarks and graphics referenced are the property of WatchGuard Technologies Inc. or their respective owners.  All other content is the property of Fireboxsupport.com and may not be reproduced without permission.
 

                                       PLEASE REFRESH THE  PAGES IF YOU HAVE VISITED PREVIOUSLY! - NEW CONTENT ADDED!  01/02/2007

Common Practices

Fireware Pro

Configurations and examples

Firebox SSL VPN

Firebox Core SSL VPN

Firebox X Core/Edge

Setup -

Branch Office VPN (IPSec) - Firebox/Soho

Proxy Configuration

Webblocker Configuration

Remote User configuration using MUVPN & PPTP

Spamscreen®

High Availability

Troubleshooting -

Firebox X Resetting

Rebuilding your configuration

Backing Up/Restoring your Firebox Image.

 

WatchGuard Support Programs

Top

                                                 

MoneyCentral Stock Quote
Enter (WGRD) 

 

 

FTP Proxy Configuration.

The FTP proxy needs little configuration.  But remember the FTP proxy service is required no matter what due to the way FTP functions.  Also, do not create custom services that take TCP ports 20 and 21 as it will interfere with the proxy.

Even if you do not host an FTP server, you must have the FTP proxy in your configuration if you need to be able to connect with FTP out in standard modes.

By default after a quick setup wizard configuration the FTP proxy will be in your configuration denied incoming and allowed ANY to ANY outgoing.

The only alteration needed is if you host an FTP server.  To allow incoming FTP to your server when your Firebox has a public external IP and your FTP server has a private IP, edit the FTP service and change its incoming setting to Enabled and Allowed.

In the "To:" field, click the Add button, then the NAT button, and you will be prompted to select the external IP, and enter the internal private IP of your FTP server.

In this example the Firebox IP is 66.44.15.2 and the FTP server is 192.168.50.5

Click OK, and OK again to return to the incoming settings and it will look as below.

Click on the Outgoing tab and leave it as ANY to ANY unless you desire to restrict your users from making outgoing FTP connections.

Next click on the Properties tab.

Next click the Settings button.

By default the "Make incoming FTP connections read only" is checked.  So uncheck this if you need to allow users to upload files to your FTP server behind the Firebox.

Also, if your external users need to use applications which use FTP but get directory listings, uncheck the "Deny incoming SITE command" so their application will function properly.

Click OK until you are back to policy manager and save the changes to the Firebox and the setup is complete.

Additional information about the FTP proxy is available at the links below.

Detailed information about the FTP proxy

Troubleshooting FTP problems

 

 

Top      User Forum