https://community.cisco.com/t5/network-security/passive-ftp-assistance/m-p/1010593#M940487 <P>Linux_FTP_Server---(i)Pix(o)----Linux_FTP_Client</P><P>Pix is running version 7.2(2)</P><P>FTP_Server: 192.168.1.2/24</P><P>Pix inside: 192.168.1.1/24</P><P>Pix outside: 1.1.1.1/24</P><P>FTP_client: 1.1.1.10/24</P><P></P><P>static (inside,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255</P><P>access-list External permit icmp any host 1.1.1.2 log</P><P>access-list External permit tcp any host 1.1.1.2 eq 21 log</P><P>access-group External in interface outside</P><P></P><P>Is it possible to allow ONLY passive FTP through the firewall? In other words, </P><P>FTP_client can only do passive ftp with the</P><P>server. Active FTP will be rejected by the </P><P>firewall.</P><P></P><P>If it is possible, how does one go about </P><P>doing it? </P><P></P><P>Thanks.</P><P></P><P></P> Mon, 11 Mar 2019 12:21:18 GMT cisco24x7 2019-03-11T12:21:18Z https://community.cisco.com/t5/network-security/passive-ftp-assistance/m-p/1010593#M940487 <P>Linux_FTP_Server---(i)Pix(o)----Linux_FTP_Client</P><P>Pix is running version 7.2(2)</P><P>FTP_Server: 192.168.1.2/24</P><P>Pix inside: 192.168.1.1/24</P><P>Pix outside: 1.1.1.1/24</P><P>FTP_client: 1.1.1.10/24</P><P></P><P>static (inside,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255</P><P>access-list External permit icmp any host 1.1.1.2 log</P><P>access-list External permit tcp any host 1.1.1.2 eq 21 log</P><P>access-group External in interface outside</P><P></P><P>Is it possible to allow ONLY passive FTP through the firewall? In other words, </P><P>FTP_client can only do passive ftp with the</P><P>server. Active FTP will be rejected by the </P><P>firewall.</P><P></P><P>If it is possible, how does one go about </P><P>doing it? </P><P></P><P>Thanks.</P><P></P><P></P> Mon, 11 Mar 2019 12:21:18 GMT https://community.cisco.com/t5/network-security/passive-ftp-assistance/m-p/1010593#M940487 cisco24x7 2019-03-11T12:21:18Z https://community.cisco.com/t5/network-security/passive-ftp-assistance/m-p/1010594#M940488 <HTML><HEAD></HEAD><BODY><P>Anyone know the work-around on the firewall</P><P>for this? Thanks.</P></BODY></HTML> Tue, 25 Mar 2008 21:16:17 GMT https://community.cisco.com/t5/network-security/passive-ftp-assistance/m-p/1010594#M940488 cisco24x7 2008-03-25T21:16:17Z https://community.cisco.com/t5/network-security/passive-ftp-assistance/m-p/1010595#M940489 <HTML><HEAD></HEAD><BODY><P>If you remove the FTP inspection and opened access to your server on port 21 and 20...it might prevent passive FTP</P><P></P><P>--Gavin Budd</P></BODY></HTML> Thu, 27 Mar 2008 16:02:03 GMT https://community.cisco.com/t5/network-security/passive-ftp-assistance/m-p/1010595#M940489 gbudd12345 2008-03-27T16:02:03Z https://community.cisco.com/t5/network-security/passive-ftp-assistance/m-p/1010596#M940490 <HTML><HEAD></HEAD><BODY><P>Have you tried it and that it works for you?</P><P></P><P>CCIE Security</P></BODY></HTML> Thu, 27 Mar 2008 19:32:09 GMT https://community.cisco.com/t5/network-security/passive-ftp-assistance/m-p/1010596#M940490 cisco24x7 2008-03-27T19:32:09Z