topic Hello,TFTP requires high in Network Security

How do I set up rule to allow TFTP from DMZ?

Velocity2089 — Tue, 12 Mar 2019 04:08:28 GMT

Hello! I'm trying to set up a firewall rule to allow TFTP traffic to come from my switches in my DMZ so as to do proper configuration backups. Ideally I'd like to allow ONLY these 2 IP's for TFTP traffic and nothing else. I set up the below rule for one of them but had no luck.

Any thoughts on what I may be missing?

access-list dmz1_access_in extended permit udp host 10.1.61.20 host 10.1.80.220 eq tftp

10.1.61.20 = DMZ Switch

10.1.80.220 = TFTP Server

Hello,TFTP requires high

nkarthikeyan — Wed, 30 Apr 2014 07:16:17 GMT

Hello,

TFTP requires high ports range 1024 - 65535 also needs to be allowed... Also some cases it requires bi-directional flows.

So i request you to try by allowing 1024-65535 1st and the try for the bi-directional port allow for the same if 1st method doesn't works.

Regards

Karthik

Turns out I had the correct

Velocity2089 — Sun, 11 May 2014 22:26:13 GMT

Turns out I had the correct rules in place. The issue was that I had routes missing to the DMZ subnet.